Bundespolizei Virus

21.05.2012, 19:25
Moderator

Posts: 5694
#16 Create a new log with OTLPE ;)
21.05.2012, 20:59
Member

Thread starter
Levanael

Posts: 71
#17 so, here:




OTL logfile created on: 5/21/2012 10:54:44 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\windows | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 74.22 Mb Free Space | 74.23% Space Free | Partition Type: NTFS
Drive D: | 127.87 Gb Total Space | 85.66 Gb Free Space | 66.99% Space Free | Partition Type: NTFS
Drive E: | 150.12 Gb Total Space | 52.77 Gb Free Space | 35.15% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2012/05/10 16:01:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/10 16:01:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/02/29 04:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 03:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 03:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/02 06:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto] -- D:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/05/10 16:01:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/10 16:01:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/12 22:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/10/11 09:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/01 03:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 03:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 03:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 03:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/10/29 12:43:16 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/09 03:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/04/07 05:05:00 | 000,204,800 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/03/24 22:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/19 23:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009/09/28 05:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/10 09:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/07/30 01:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- D:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=drive&s={searchTerms}&f=4


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\MT_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\MT_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig?hl=de
IE - HKU\MT_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2011/09/23 13:00:04 | 000,002,048 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\fcmdSrchdrive.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] D:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] D:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] D:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] D:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] D:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] D:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] D:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] D:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/21 14:27:34 | 000,595,968 | ---- | C] (OldTimer Tools) -- D:\Users\MT\Desktop\OTL.exe
[2012/05/21 10:24:15 | 004,500,115 | ---- | C] (Swearware) -- D:\Users\MT\Desktop\ComboFix.exe
[2012/05/21 02:29:08 | 000,000,000 | ---D | C] -- D:\_OTL
[2012/05/18 15:08:55 | 000,000,000 | ---D | C] -- D:\windows\Minidump
[2012/05/17 19:14:07 | 000,214,024 | ---- | C] (McAfee, Inc.) -- D:\windows\System32\drivers\mfehidk.sys
[2012/05/17 19:14:07 | 000,130,424 | ---- | C] (McAfee, Inc.) -- D:\windows\System32\drivers\Mpfp.sys
[2012/05/17 19:14:07 | 000,079,816 | ---- | C] (McAfee, Inc.) -- D:\windows\System32\drivers\mfeavfk.sys
[2012/05/17 19:14:07 | 000,040,552 | ---- | C] (McAfee, Inc.) -- D:\windows\System32\drivers\mfesmfk.sys
[2012/05/17 19:14:07 | 000,035,272 | ---- | C] (McAfee, Inc.) -- D:\windows\System32\drivers\mfebopk.sys
[2012/05/17 19:14:07 | 000,034,248 | ---- | C] (McAfee, Inc.) -- D:\windows\System32\drivers\mferkdk.sys
[2012/05/17 19:14:01 | 000,606,208 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\mstime.dll
[2012/05/17 19:13:57 | 000,018,432 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\corpol.dll
[2012/05/12 15:35:36 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Sandlot Shared
[2012/05/12 15:35:33 | 000,000,000 | ---D | C] -- D:\ProgramData\Sandlot Games
[2012/05/12 15:21:50 | 000,000,000 | ---D | C] -- D:\Users\MT\AppData\Roaming\temp
[2012/05/12 15:21:27 | 000,000,000 | RH-D | C] -- D:\Users\MT\AppData\Roaming\SecuROM
[2012/05/12 15:21:26 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- D:\windows\System32\CmdLineExt.dll
[2012/05/12 11:18:30 | 003,968,368 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\ntkrnlpa.exe
[2012/05/12 11:18:29 | 003,913,072 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\ntoskrnl.exe
[2012/05/12 11:18:28 | 002,343,424 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\win32k.sys
[2012/05/12 11:17:40 | 001,077,248 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\DWrite.dll
[2011/02/11 13:40:40 | 000,004,096 | ---- | C] ( ) -- D:\windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2012/05/21 14:42:06 | 000,067,584 | --S- | M] () -- D:\windows\bootstat.dat
[2012/05/21 14:38:15 | 000,048,775 | ---- | M] () -- D:\Users\MT\Desktop\screen.png
[2012/05/21 14:34:53 | 3150,561,280 | -HS- | M] () -- D:\hiberfil.sys
[2012/05/21 14:33:57 | 000,196,608 | ---- | M] () -- D:\windows\System32\Ikeext.etl
[2012/05/21 14:27:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Users\MT\Desktop\OTL.exe
[2012/05/21 14:25:43 | 000,014,512 | -H-- | M] () -- D:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 14:25:43 | 000,014,512 | -H-- | M] () -- D:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 14:18:13 | 000,001,094 | ---- | M] () -- D:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/21 10:19:11 | 004,500,115 | ---- | M] (Swearware) -- D:\Users\MT\Desktop\ComboFix.exe
[2012/05/20 15:54:26 | 000,001,098 | ---- | M] () -- D:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/18 15:08:45 | 205,414,705 | ---- | M] () -- D:\windows\MEMORY.DMP
[2012/05/17 12:11:23 | 000,014,374 | ---- | M] () -- D:\Users\MT\Documents\cc_20120517_181115.reg
[2012/05/17 11:34:04 | 000,699,040 | ---- | M] () -- D:\windows\System32\perfh007.dat
[2012/05/17 11:34:04 | 000,144,454 | ---- | M] () -- D:\windows\System32\perfc007.dat
[2012/05/17 11:34:04 | 000,119,438 | ---- | M] () -- D:\windows\System32\perfc009.dat
[2012/05/17 11:34:04 | 000,000,000 | ---- | M] () -- D:\windows\System32\perfh009.dat
[2012/05/16 09:57:18 | 000,512,187 | ---- | M] () -- D:\Users\MT\Documents\Foto0082.jpg
[2012/05/16 09:57:16 | 000,548,756 | ---- | M] () -- D:\Users\MT\Documents\Foto0083.jpg
[2012/05/16 09:57:16 | 000,531,817 | ---- | M] () -- D:\Users\MT\Documents\Foto0085.jpg
[2012/05/12 15:21:26 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- D:\windows\System32\CmdLineExt.dll
[2012/05/12 15:17:11 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/05/12 14:50:56 | 000,277,656 | ---- | M] () -- D:\windows\System32\FNTCACHE.DAT
[2012/05/12 14:06:02 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/10 16:01:03 | 000,137,928 | ---- | M] (Avira GmbH) -- D:\windows\System32\drivers\avipbb.sys
[2012/05/10 16:01:03 | 000,083,392 | ---- | M] (Avira GmbH) -- D:\windows\System32\drivers\avgntflt.sys
[2012/04/29 12:04:06 | 000,537,114 | ---- | M] () -- D:\Users\MT\Documents\Foto0056.jpg

========== Files Created - No Company Name ==========

[2012/05/21 14:38:15 | 000,048,775 | ---- | C] () -- D:\Users\MT\Desktop\screen.png
[2012/05/18 15:08:45 | 205,414,705 | ---- | C] () -- D:\windows\MEMORY.DMP
[2012/05/17 12:11:19 | 000,014,374 | ---- | C] () -- D:\Users\MT\Documents\cc_20120517_181115.reg
[2012/05/16 09:59:26 | 000,531,817 | ---- | C] () -- D:\Users\MT\Documents\Foto0085.jpg
[2012/05/16 09:59:16 | 000,548,756 | ---- | C] () -- D:\Users\MT\Documents\Foto0083.jpg
[2012/05/16 09:59:08 | 000,512,187 | ---- | C] () -- D:\Users\MT\Documents\Foto0082.jpg
[2012/04/29 12:05:48 | 000,537,114 | ---- | C] () -- D:\Users\MT\Documents\Foto0056.jpg
[2011/09/28 16:52:18 | 000,021,265 | ---- | C] () -- D:\Users\MT\AppData\Roaming\UserTile.png
[2011/06/24 05:49:42 | 000,252,928 | ---- | C] () -- D:\windows\System32\DShowRdpFilter.dll
[2011/04/15 09:04:21 | 000,131,368 | ---- | C] () -- D:\ProgramData\FullRemove.exe
[2011/02/11 14:10:52 | 000,439,308 | ---- | C] () -- D:\windows\System32\igcompkrng500.bin
[2011/02/11 14:10:50 | 000,982,240 | ---- | C] () -- D:\windows\System32\igkrng500.bin
[2011/02/11 14:10:50 | 000,092,356 | ---- | C] () -- D:\windows\System32\igfcg500m.bin
[2011/02/11 13:38:44 | 000,000,151 | ---- | C] () -- D:\windows\System32\GfxUI.exe.config
[2010/06/13 19:33:19 | 000,307,200 | ---- | C] () -- D:\windows\SetDisplayResolution.exe
[2010/06/13 19:10:58 | 000,001,470 | ---- | C] () -- D:\windows\HotFixList.ini
[2010/06/12 21:47:23 | 000,699,040 | ---- | C] () -- D:\windows\System32\perfh007.dat
[2010/06/12 21:47:23 | 000,295,922 | ---- | C] () -- D:\windows\System32\perfi007.dat
[2010/06/12 21:47:23 | 000,144,454 | ---- | C] () -- D:\windows\System32\perfc007.dat
[2010/06/12 21:47:23 | 000,038,104 | ---- | C] () -- D:\windows\System32\perfd007.dat
[2010/06/12 21:26:14 | 000,004,608 | ---- | C] () -- D:\windows\System32\HdmiCoin.dll
[2010/06/12 21:26:13 | 000,134,592 | ---- | C] () -- D:\windows\System32\igfcg500.bin
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- D:\windows\bootstat.dat
[2009/07/14 00:33:53 | 000,277,656 | ---- | C] () -- D:\windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- D:\windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,119,438 | ---- | C] () -- D:\windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- D:\windows\System32\perfd009.dat
[2009/07/13 22:05:48 | 000,000,000 | ---- | C] () -- D:\windows\System32\perfh009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- D:\windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- D:\windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- D:\windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- D:\windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\windows\System32\mlang.dat

========== LOP Check ==========

[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2011/05/14 15:08:25 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Core
[2011/05/14 15:08:25 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/04/15 09:09:14 | 000,000,000 | ---D | M] -- D:\ProgramData\OberonGameConsole
[2011/05/09 15:59:35 | 000,000,000 | ---D | M] -- D:\ProgramData\Partner
[2010/06/13 19:34:18 | 000,000,000 | ---D | M] -- D:\ProgramData\SAMSUNG
[2012/05/12 15:35:33 | 000,000,000 | ---D | M] -- D:\ProgramData\Sandlot Games
[2011/10/22 12:38:18 | 000,000,000 | ---D | M] -- D:\ProgramData\Solidshield
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2012/05/12 16:27:50 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/05/15 23:22:50 | 000,000,000 | ---D | M] -- D:\ProgramData\VirtualizedApplications
[2011/11/19 20:48:49 | 000,000,000 | ---D | M] -- D:\ProgramData\WinClon
[2012/05/17 08:56:51 | 000,032,640 | ---- | M] () -- D:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
__________
Time for a new PC problem again... *lool*
21.05.2012, 21:10
Moderator

Posts: 5694
#18 Fix with OTLPE


• Restart the unbootable computer with the OTLPE CD,
• wait until the Reatogo-X-PE desktop appears and double-click the OTLPE icon.
• Copy the following script into the text field below Custom Scans/Fixes:

Code

:OTL
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=drive&s={searchTerms}&f=4
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
[2012/05/17 19:14:07 | 000,214,024 | ---- | C] (McAfee, Inc.) -- D:\windows\System32\drivers\mfehidk.sys
[2012/05/17 19:14:07 | 000,130,424 | ---- | C] (McAfee, Inc.) -- D:\windows\System32\drivers\Mpfp.sys
[2012/05/17 19:14:07 | 000,079,816 | ---- | C] (McAfee, Inc.) -- D:\windows\System32\drivers\mfeavfk.sys
[2012/05/17 19:14:07 | 000,040,552 | ---- | C] (McAfee, Inc.) -- D:\windows\System32\drivers\mfesmfk.sys
[2012/05/17 19:14:07 | 000,035,272 | ---- | C] (McAfee, Inc.) -- D:\windows\System32\drivers\mfebopk.sys
[2012/05/17 19:14:07 | 000,034,248 | ---- | C] (McAfee, Inc.) -- D:\windows\System32\drivers\mferkdk.sys

:Commands
[purity]
[emptytemp]


• If that is not possible for lack of an internet connection,
• copy the text from the following code box and save it as Fix.txt on a USB stick.
• Plug the USB stick into the computer and open Fix.txt with Explorer on the Reatogo desktop.
• Copy the contents of Fix.txt into the text field below Custom Scans/Fixes:
• Close all programs.
• Click the Fix button.
• Copy the contents here into your thread in code tags.
• Afterwards you can view the log file here => C:\_OTL\MovedFiles\<datum_nummer.log>
• Test whether you can now boot the computer into normal Windows mode again and report back.
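The fix script in the post above picks a handful of entries out of the OTLPE log: the facemoods search hijack, the explicit UAC ConsentPromptBehavior policy values, and drivers created within the file-age window. The Python below is an added example (not OTL's own code and not from this thread's participants) that parses OTL's entry format and applies those review rules, plus the no-company-name criterion the log's own sections use, to driver entries; the sample lines and the domain watchlist are constructed from the log posted above.

```python
"""Triage helper for OTL/OTLPE log lines (added example, not part of OTL)."""
import re
from dataclasses import dataclass
from datetime import date, datetime
from urllib.parse import urlsplit

# Constructed sample: lines in OTL's own format, copied from the log posted
# in this thread, plus a Google start page and OTL.exe that must stay clean.
SAMPLE_LOG = r"""
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=drive&s={searchTerms}&f=4
IE - HKU\MT_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig?hl=de
DRV - [2012/05/10 16:01:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/09/28 05:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
[2012/05/17 19:14:07 | 000,214,024 | ---- | C] (McAfee, Inc.) -- D:\windows\System32\drivers\mfehidk.sys
[2012/05/21 14:27:34 | 000,595,968 | ---- | C] (OldTimer Tools) -- D:\Users\MT\Desktop\OTL.exe
"""

# Watchlist constructed for this example; facemoods.com is the search
# provider the moderator's fix script removes in this thread.
UNWANTED_SEARCH_DOMAINS = ("facemoods.com",)

# One OTL file entry: optional "SRV - "/"DRV - "/"PRC - "/"MOD - " prefix, then
# [yyyy/mm/dd hh:mm:ss | size | attrs | C-or-M] (company) [flags] -- path -- (name)
# The company field is matched lazily so names like "Intel(R) Corporation" survive.
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>[A-Z]{3}) - )?"
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"\((?P<company>.*?)\) (?=\[|--)(?:\[[^\]]*\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
IE_RE = re.compile(r"^IE - (?P<key>.+?) = (?P<url>\S+)$")
UAC_RE = re.compile(r"^O6 - (?P<key>.+?): (?P<value>ConsentPromptBehavior\w+ = \d+)$")


@dataclass
class Finding:
    kind: str
    detail: str


def parse_entry(line: str):
    """Return the parsed fields of one OTL file entry, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["stamp"] = datetime.strptime(d["stamp"], "%Y/%m/%d %H:%M:%S")
    d["size"] = int(d["size"].replace(",", ""))
    return d


def triage(log_text: str, scan_date: date, max_age_days: int = 30):
    """Apply the review rules used in this thread to every line of an OTL log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        ie = IE_RE.match(line)
        if ie:
            # Search/start page pointing at a watchlisted domain (or a subdomain of it).
            host = urlsplit(ie["url"]).hostname or ""
            if any(host == d or host.endswith("." + d) for d in UNWANTED_SEARCH_DOMAINS):
                findings.append(Finding("ie_search_hijack", f'{ie["key"]} -> {host}'))
            continue
        uac = UAC_RE.match(line)
        if uac:
            # Explicit UAC prompt policy values; the fix script above removes these.
            findings.append(Finding("uac_policy_set", uac["value"]))
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        path = entry["path"].lower()
        if not (path.endswith(".sys") and "\\system32\\drivers\\" in path):
            continue
        if not entry["company"].strip():
            # OTL printed "()" : no company name in the driver's version info.
            findings.append(Finding("driver_no_company", entry["path"]))
        elif entry["op"] == "C" and (scan_date - entry["stamp"].date()).days <= max_age_days:
            # Driver created within the file-age window (the log's own default is 30 days).
            findings.append(Finding("driver_recently_created", entry["path"]))
    return findings


def triage_sample():
    """Run the rules over the constructed sample with the posted log's scan date."""
    return triage(SAMPLE_LOG, scan_date=date(2012, 5, 21))


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.kind:26} {f.detail}")
```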
21.05.2012, 21:47
Member

Thread starter
Levanael

Posts: 71
#19 ========== OTL ==========
HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
File Error locating startup folders. not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
File D:\windows\System32\drivers\mfehidk.sys not found.
File D:\windows\System32\drivers\Mpfp.sys not found.
File D:\windows\System32\drivers\mfeavfk.sys not found.
File D:\windows\System32\drivers\mfesmfk.sys not found.
File D:\windows\System32\drivers\mfebopk.sys not found.
File D:\windows\System32\drivers\mferkdk.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Default
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: MT
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17582 bytes

Total Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 05222012_003538

Files\Folders moved on Reboot...
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.

Registry entries deleted on Reboot...
21.05.2012, 21:47
Moderator

Posts: 5694
#20 Step 1

Go to C:\Windows\winsxs and search for *.ttf. Select the fonts found --> right-click "Install". You do not need to overwrite fonts that already exist.

Step 2

Please download Malwarebytes
• Install the program to the default path.
Vista and Win7 users: right-click "Run as administrator"
• Start Malwarebytes, click Update --> Check for updates
• When the update has finished, select Perform quick scan and click Scan.
• When the scan has finished, click Show results.
• Make sure all findings are checked and click Remove selected.
• Post the log file, which opens in Notepad, here in the thread.
• Afterwards you can find the report under "Log files".
21.05.2012, 23:25
Member

Thread starter
Levanael

Posts: 71
#21 nothing found.. everything ok and the fonts work again too.. thaaanks

Really great support here! ;)
21.05.2012, 23:26
Moderator

Posts: 5694
#22 Step 1

AntiVir - copy out the detections

Right-click the AntiVir umbrella icon in the taskbar => Start AntiVir => Overview => Events
Click Type so that the events are sorted by type.
Select each detection (not all events, only detections) => right-click the detections => Export event(s)
and save as Ereignisse.txt on the desktop and post the contents here.

Step 2

Please download TDSSKiller.exe and save the file to the desktop.
• Close all running programs.
• Disconnect from the internet.
• Disable your antivirus software.
• Start TDSSKiller.exe with a double-click.
Vista and Win7 users: right-click "Run as administrator"
• Click Start scan.
Do not do anything on the computer during the scan

• If the tool shows no detections, click Close to close it.
• If something was found, the detections are shown under Scan results - Select action for found objects with 3 options.
Make sure Cure (default) is checked! Click Continue --> Reboot.

• After the restart the log file can be found on your system drive (usually C:) as TDSSKiller_version_date_time_log.txt.
• Please post the contents here in your thread.

Illustrated guide to using TDSSKiller.

Step 3


If you do not have it yet, please download OTL by OldTimer and save it on your desktop
• Please start OTL.exe.
Vista and Win7 users: right-click "Run as administrator"
• Now copy the following contents into the text box.

Code

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
• Now please close all programs. (Important)
• Now please click the Quick Scan button.
• Now copy the contents of OTL.txt and Extra.txt here into your thread
21.05.2012, 23:51
Member

Thread starter
Levanael

Posts: 71
#23 OTL logfile created on: 5/22/2012 2:44:40 AM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\MT\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.93 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 71.33% Memory free
5.86 Gb Paging File | 4.89 Gb Available in Paging File | 83.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 127.87 Gb Total Space | 84.91 Gb Free Space | 66.40% Space Free | Partition Type: NTFS
Drive D: | 150.12 Gb Total Space | 52.77 Gb Free Space | 35.15% Space Free | Partition Type: NTFS
Drive E: | 702.82 Mb Total Space | 660.86 Mb Free Space | 94.03% Space Free | Partition Type: UDF
Drive G: | 40.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MT-PC | User Name: MT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/21 20:27:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\MT\Desktop\OTL.exe
PRC - [2012/05/10 22:01:03 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/10 22:01:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/10 22:01:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/10 22:01:03 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/03/19 13:38:48 | 002,279,296 | ---- | M] (TeamViewer GmbH) -- c:\users\mt\appdata\local\temp\teamviewer\version7\TeamViewer_Desktop.exe
PRC - [2012/03/19 13:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Users\MT\AppData\Local\Temp\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/03/19 13:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Users\MT\AppData\Local\Temp\TeamViewer\Version7\tv_w32.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/08/03 12:18:16 | 003,779,504 | ---- | M] (Telefónica I+D) -- C:\Program Files\o2\Mobile Connection Manager\EMMSN.exe
PRC - [2010/08/02 12:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2010/06/17 03:19:08 | 000,350,640 | ---- | M] (Telefónica I+D) -- C:\Program Files\o2\Nori\Nori.exe
PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe


========== Modules (No Company Name) ==========

MOD - [2010/08/03 12:18:18 | 000,124,848 | ---- | M] () -- C:\Program Files\o2\Mobile Connection Manager\AgendaLib.dll
MOD - [2010/07/08 13:42:14 | 000,508,760 | ---- | M] () -- C:\Program Files\o2\Mobile Connection Manager\sqlite3.dll
MOD - [2010/06/17 03:19:16 | 000,201,136 | ---- | M] () -- C:\Program Files\o2\Nori\legplgs\plgalc.dll
MOD - [2010/06/17 03:19:12 | 000,240,048 | ---- | M] () -- C:\Program Files\o2\Nori\legplgs\plghwi.dll
MOD - [2010/06/17 03:19:10 | 000,191,920 | ---- | M] () -- C:\Program Files\o2\Nori\legplgs\plgati.dll
MOD - [2010/06/12 03:19:38 | 000,018,864 | ---- | M] () -- C:\Program Files\o2\Mobile Connection Manager\langs\de_DE_md.dll
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/10 22:01:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/10 22:01:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/02/29 10:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/02 12:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/05/10 22:01:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/10 22:01:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/13 04:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/10/11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/10/29 18:43:16 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/09 09:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/04/07 11:05:00 | 000,204,800 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/03/25 04:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/20 05:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/10 15:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/07/30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig?hl=de
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=drive&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_deDE431
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2011/09/23 19:00:04 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchdrive.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\MT\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27422C56-3EFA-4FDE-838D-3448B5876794}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29975BFE-BCA3-46D0-A943-E9C98BECC743}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{559A8DFC-FE5F-4BA8-8A6C-FF2BAAA0C89D}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A01204E6-3498-4762-BE85-5AE5592765BC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/02 18:07:28 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/04/12 19:14:36 | 000,000,044 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{032cbd53-539d-11e1-bfbe-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{032cbd53-539d-11e1-bfbe-002454e62d97}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0ca6f21f-8f97-11e0-aadf-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{0ca6f21f-8f97-11e0-aadf-002454e62d97}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{21bc465b-9d31-11e0-89ad-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{21bc465b-9d31-11e0-89ad-002454e62d97}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/04/02 18:07:28 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{22c6145b-d0dc-11e0-8a38-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{22c6145b-d0dc-11e0-8a38-002454e62d97}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{22c6146b-d0dc-11e0-8a38-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{22c6146b-d0dc-11e0-8a38-002454e62d97}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{32f5e9b6-8364-11e0-894a-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{32f5e9b6-8364-11e0-894a-002454e62d97}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4d37d05d-d1b5-11e0-a2f2-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{4d37d05d-d1b5-11e0-a2f2-002454e62d97}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5b34b67a-a316-11e0-8dd1-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{5b34b67a-a316-11e0-8dd1-002454e62d97}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5e2cb1c3-d65e-11e0-a992-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{5e2cb1c3-d65e-11e0-a992-002454e62d97}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/04/02 18:07:28 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{72663455-7e8d-11e0-8654-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{72663455-7e8d-11e0-8654-002454e62d97}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{82508d3f-7e2d-11e0-b0fb-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{82508d3f-7e2d-11e0-b0fb-002454e62d97}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{82508d4f-7e2d-11e0-b0fb-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{82508d4f-7e2d-11e0-b0fb-002454e62d97}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8f9099e1-d8a6-11e0-a28e-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{8f9099e1-d8a6-11e0-a28e-002454e62d97}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{90b8d566-9c39-11e0-abb9-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{90b8d566-9c39-11e0-abb9-001e101f7fb6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{90b8d573-9c39-11e0-abb9-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{90b8d573-9c39-11e0-abb9-001e101f7fb6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{90b8d598-9c39-11e0-abb9-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{90b8d598-9c39-11e0-abb9-001e101f7fb6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{90b8d5a7-9c39-11e0-abb9-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{90b8d5a7-9c39-11e0-abb9-001e101f7fb6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a9e902d7-d4b5-11e0-a368-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{a9e902d7-d4b5-11e0-a368-002454e62d97}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a9e90316-d4b5-11e0-a368-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{a9e90316-d4b5-11e0-a368-002454e62d97}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/04/02 18:07:28 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b3eaba56-d0df-11e0-a284-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{b3eaba56-d0df-11e0-a284-002454e62d97}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b3eaba66-d0df-11e0-a284-002454e62d97}\Shell - "" = AutoRun
O33 - MountPoints2\{b3eaba66-d0df-11e0-a284-002454e62d97}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/04/02 18:07:28 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/22 06:35:39 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012/05/22 02:41:09 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Roaming\TeamViewer
[2012/05/22 02:14:26 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Roaming\Malwarebytes
[2012/05/22 02:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/22 02:14:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/05/22 02:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/22 02:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/22 02:13:15 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\MT\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/22 00:55:04 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\MT\Desktop\tdsskiller.exe
[2012/05/21 20:27:34 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\MT\Desktop\OTL.exe
[2012/05/21 16:24:15 | 004,500,115 | ---- | C] (Swearware) -- C:\Users\MT\Desktop\ComboFix.exe
[2012/05/21 08:29:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/18 21:08:55 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/05/18 01:14:07 | 000,214,024 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfehidk.sys
[2012/05/18 01:14:07 | 000,130,424 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\Mpfp.sys
[2012/05/18 01:14:07 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeavfk.sys
[2012/05/18 01:14:07 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfesmfk.sys
[2012/05/18 01:14:07 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfebopk.sys
[2012/05/18 01:14:07 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mferkdk.sys
[2012/05/12 21:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sandlot Shared
[2012/05/12 21:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sandlot Games
[2012/05/12 21:21:50 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Roaming\temp
[2012/05/12 21:21:27 | 000,000,000 | RH-D | C] -- C:\Users\MT\AppData\Roaming\SecuROM
[2012/05/12 21:21:26 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\System32\CmdLineExt.dll

========== Files - Modified Within 30 Days ==========

[2012/05/22 02:17:31 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/22 02:17:31 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/22 02:09:54 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/05/22 02:09:49 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/22 02:09:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/22 02:09:38 | 000,417,008 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/22 02:09:15 | 3150,561,280 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/22 01:54:10 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/22 01:32:20 | 234,045,097 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/05/21 21:48:58 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\MT\Desktop\tdsskiller.exe
[2012/05/21 20:38:15 | 000,048,775 | ---- | M] () -- C:\Users\MT\Desktop\screen.png
[2012/05/21 20:27:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\MT\Desktop\OTL.exe
[2012/05/21 16:19:11 | 004,500,115 | ---- | M] (Swearware) -- C:\Users\MT\Desktop\ComboFix.exe
[2012/05/20 22:10:06 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\MT\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/17 18:11:23 | 000,014,374 | ---- | M] () -- C:\Users\MT\Documents\cc_20120517_181115.reg
[2012/05/17 17:34:04 | 000,699,040 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/17 17:34:04 | 000,144,454 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/17 17:34:04 | 000,119,438 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/17 17:34:04 | 000,000,000 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/16 15:57:18 | 000,512,187 | ---- | M] () -- C:\Users\MT\Documents\Foto0082.jpg
[2012/05/16 15:57:16 | 000,548,756 | ---- | M] () -- C:\Users\MT\Documents\Foto0083.jpg
[2012/05/16 15:57:16 | 000,531,817 | ---- | M] () -- C:\Users\MT\Documents\Foto0085.jpg
[2012/05/12 21:21:26 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\System32\CmdLineExt.dll
[2012/05/10 22:01:03 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/05/10 22:01:03 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/04/29 18:04:06 | 000,537,114 | ---- | M] () -- C:\Users\MT\Documents\Foto0056.jpg

========== Files Created - No Company Name ==========

[2012/05/21 20:38:15 | 000,048,775 | ---- | C] () -- C:\Users\MT\Desktop\screen.png
[2012/05/18 21:08:45 | 234,045,097 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/05/17 18:11:19 | 000,014,374 | ---- | C] () -- C:\Users\MT\Documents\cc_20120517_181115.reg
[2012/05/16 15:59:26 | 000,531,817 | ---- | C] () -- C:\Users\MT\Documents\Foto0085.jpg
[2012/05/16 15:59:16 | 000,548,756 | ---- | C] () -- C:\Users\MT\Documents\Foto0083.jpg
[2012/05/16 15:59:08 | 000,512,187 | ---- | C] () -- C:\Users\MT\Documents\Foto0082.jpg
[2012/04/29 18:05:48 | 000,537,114 | ---- | C] () -- C:\Users\MT\Documents\Foto0056.jpg
[2011/09/28 22:52:18 | 000,021,265 | ---- | C] () -- C:\Users\MT\AppData\Roaming\UserTile.png
[2011/04/15 15:04:21 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011/02/11 20:10:52 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2011/02/11 20:10:50 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2011/02/11 20:10:50 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2011/02/11 19:38:44 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/06/14 01:33:19 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/06/14 01:10:58 | 000,001,470 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/06/13 03:47:23 | 000,699,040 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010/06/13 03:47:23 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010/06/13 03:47:23 | 000,144,454 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010/06/13 03:47:23 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010/06/13 03:26:14 | 000,004,608 | ---- | C] () -- C:\windows\System32\HdmiCoin.dll
[2010/06/13 03:26:13 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin

========== LOP Check ==========

[2011/10/21 23:12:11 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\DVDVideoSoft
[2011/10/20 22:24:15 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/29 16:06:46 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\ProtectDisc
[2012/04/04 13:38:15 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\Rovio
[2012/05/16 17:52:35 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\SoftGrid Client
[2012/05/22 02:41:09 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\TeamViewer
[2011/05/14 15:53:46 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\Telefónica
[2012/05/12 21:21:50 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\temp
[2011/04/15 19:23:18 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\TP
[2012/05/22 01:10:35 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
__________
Time for a new PC problem again... *lool*
22.05.2012, 00:00
Moderator

Posts: 5694
#24 ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important!! Save ComboFix to the Desktop
• Disable your anti-virus and anti-spyware programs. Normally you can do this with a right-click on the system tray icon. Otherwise these programs might interfere with our tools while they work.
• Double-click ComboFix.exe and follow the instructions.
• ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is performed.
• Follow the prompts to let ComboFix download and install the Recovery Console, and accept the license agreement (EULA) as soon as you are asked to.
**For information: if the Recovery Console is already installed, ComboFix will continue its malware removal procedure normally.



Once the Recovery Console has been installed by ComboFix, you should see the following message:



Click "Yes" to continue with the malware scan.

When ComboFix is finished, it will create a log. Please attach C:\ComboFix.txt to your next reply.
22.05.2012, 00:27
Member

Thread starter
Avatar Levanael

Posts: 71
#25 ComboFix 12-05-20.10 - MT 22.05.2012 3:11.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3005.2128 [GMT 2:00]
ausgeführt von:: c:\users\MT\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.8\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.8\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.8\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.8\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.8\uninstall.exe
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-04-22 bis 2012-05-22 ))))))))))))))))))))))))))))))
.
.
2012-05-22 01:17 . 2012-05-22 01:17 -------- d-----w- c:\users\MT\AppData\Local\temp
2012-05-22 01:17 . 2012-05-22 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-22 00:41 . 2012-05-22 00:41 -------- d-----w- c:\users\MT\AppData\Roaming\TeamViewer
2012-05-22 00:14 . 2012-05-22 00:14 -------- d-----w- c:\users\MT\AppData\Roaming\Malwarebytes
2012-05-22 00:14 . 2012-05-22 00:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-22 00:14 . 2012-05-22 00:14 -------- d-----w- c:\programdata\Malwarebytes
2012-05-22 00:14 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-17 23:15 . 2012-05-17 23:15 -------- d-----w- c:\windows\system32\wbem\it-IT
2012-05-17 23:15 . 2012-05-17 23:15 -------- d-----w- c:\windows\system32\wbem\fr-FR
2012-05-17 23:14 . 2009-06-18 01:15 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-05-17 23:14 . 2009-06-18 01:15 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2012-05-17 23:14 . 2009-06-18 01:15 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-05-17 23:14 . 2009-06-18 01:15 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-05-17 23:14 . 2009-06-18 01:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2012-05-17 23:14 . 2009-04-09 05:23 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2012-05-17 23:13 . 2009-07-14 01:15 18432 ----a-w- c:\windows\system32\corpol.dll
2012-05-12 19:35 . 2012-05-12 19:45 -------- d-----w- c:\program files\Common Files\Sandlot Shared
2012-05-12 19:35 . 2012-05-12 19:35 -------- d-----w- c:\programdata\Sandlot Games
2012-05-12 19:21 . 2012-05-12 19:21 -------- d--h--r- c:\users\MT\AppData\Roaming\SecuROM
2012-05-12 19:21 . 2012-05-12 19:21 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-05-12 16:53 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 16:53 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 16:53 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 16:53 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 16:53 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 15:18 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-12 15:18 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 15:18 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 15:18 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 15:17 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 20:01 . 2011-10-22 08:44 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-10 20:01 . 2011-10-22 08:44 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-01 05:46 . 2012-04-12 21:54 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 21:54 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 21:54 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 21:54 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-12 21:58 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 21:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 21:58 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 21:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-13 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-15 8120864]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-10 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 135664]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-07 204800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-03-31 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-10 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-08-02 199600]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 63616]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 17:12]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 17:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig?hl=de
IE: Free YouTube to MP3 Converter - c:\users\MT\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: Interfaces\{27422C56-3EFA-4FDE-838D-3448B5876794}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{29975BFE-BCA3-46D0-A943-E9C98BECC743}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{559A8DFC-FE5F-4BA8-8A6C-FF2BAAA0C89D}: NameServer = 193.189.244.225 193.189.244.206
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.8\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3219418776-4157282183-555089908-1000\Software\SecuROM\License information*]
"datasecu"=hex:c1,73,99,db,6e,b0,ce,15,50,c8,a9,5b,9f,9b,d0,4a,cc,74,76,bf,b6,
b8,20,f2,64,86,3c,c2,f8,8b,8f,92,55,bf,99,ed,61,d1,b2,ba,d1,39,ce,8e,4e,92,\
"rkeysecu"=hex:69,5b,b2,59,d2,cc,a2,03,a5,22,71,5e,7b,22,24,67
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-22 03:19:49
ComboFix-quarantined-files.txt 2012-05-22 01:19
.
Vor Suchlauf: 6 Verzeichnis(se), 94.273.826.816 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 94.559.363.072 Bytes frei
.
- - End Of File - - 59D812F44E375129B3E0B0428DE33002
__________
Time for another PC problem again... *lool*
22.05.2012, 00:28
Moderator

Posts: 5694
#26 ESET Online Scanner

Please switch on any external hard drives you have during the online scan! Please disable all background guards (antivirus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
Note for Vista and Win7 users: be sure to start the browser as administrator.

• Disable your antivirus program during the scan.

Press the button (<< click).

Firefox users:
Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
IE users:
must allow the installation of an ActiveX element.

• Tick the box next to Yes, I accept the Terms of Use.
• Press the button.
• Wait until the components have been downloaded.
• Tick the box next to "Scan archives".
• Make sure that the box next to Remove Found Threats is NOT ticked.
Press.
• The signatures are downloaded. The scan starts automatically. When the scan has finished

• Click .
• Click and save the logfile as ESET.txt on the desktop.
• Click Back and Finish

Please post the logfile here.
22.05.2012, 04:54
Member

Thread starter
Levanael

Posts: 71
#27 sooo, here's this one too



C:\Users\MT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\163a4c89-1789f91b a variant of Java/Exploit.Agent.NBC trojan
D:\MT-PC\Backup Set 2012-04-22 190916\Backup Files 2012-04-29 201717\Backup files 1.zip a variant of Java/Exploit.Agent.NBC trojan
D:\MT-PC\Backup Set 2012-05-06 200915\Backup Files 2012-05-06 200915\Backup files 1.zip a variant of Java/Exploit.Agent.NBC trojan
D:\MT-PC\Backup Set 2012-05-21 024452\Backup Files 2012-05-21 024452\Backup files 1.zip a variant of Java/Exploit.Agent.NBC trojan
22.05.2012, 10:01
Moderator

Posts: 5694
#28

Quote

D:\MT-PC
Best to delete all the backups here and create a new, clean backup of the current system.

Is Avira still reporting anything?
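As an added example (not code from the thread, ESET or Avira), the ESET findings posted above can be triaged automatically to tell detections inside backup sets, which the advice above applies to, apart from the hit in the Java cache. The column layout "path, whitespace, detection name" is an assumption taken from the lines as posted.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the ESET Online Scanner lines posted above:
# "<path><whitespace><detection>".  ESET separates the columns with a tab, which
# the forum flattened to a space, so the parser accepts either.
ESET_LOG = r"""
C:\Users\MT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\163a4c89-1789f91b a variant of Java/Exploit.Agent.NBC trojan
D:\MT-PC\Backup Set 2012-04-22 190916\Backup Files 2012-04-29 201717\Backup files 1.zip a variant of Java/Exploit.Agent.NBC trojan
D:\MT-PC\Backup Set 2012-05-06 200915\Backup Files 2012-05-06 200915\Backup files 1.zip a variant of Java/Exploit.Agent.NBC trojan
D:\MT-PC\Backup Set 2012-05-21 024452\Backup Files 2012-05-21 024452\Backup files 1.zip a variant of Java/Exploit.Agent.NBC trojan
"""

# Windows paths never contain "/", so the first "Name/Name" token after whitespace
# (optionally prefixed by ESET's "a variant of") reliably starts the detection.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+(?P<detection>(?:(?:probably )?a variant of )?"
                     r"[A-Za-z0-9_.-]+/\S+.*)$")
FAMILY_RE = re.compile(r"[A-Za-z0-9_.-]+/\S+")
BACKUP_SET_RE = re.compile(r"^(?P<root>.*?\\Backup Set [^\\]+)\\", re.IGNORECASE)
JAVA_CACHE_RE = re.compile(r"\\Java\\Deployment\\cache\\", re.IGNORECASE)


def parse_eset_log(text):
    # Returns (path, family) for every detection line; summary lines are skipped.
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            fam = FAMILY_RE.search(m["detection"])
            findings.append((m["path"], fam.group(0) if fam else m["detection"]))
    return findings


def triage(findings):
    # Groups detections by where they sit, because the response differs by location.
    backup_sets = defaultdict(int)
    java_cache, other = 0, []
    for path, _ in findings:
        bs = BACKUP_SET_RE.match(path)
        if bs:
            # A detection inside a Windows Backup set means restoring that set
            # re-introduces the file; the set should be discarded and rebuilt
            # from the cleaned system, as advised in the post above.
            backup_sets[bs["root"]] += 1
        elif JAVA_CACHE_RE.search(path):
            # A hit in the Java deployment cache is the cached applet of a
            # drive-by; clearing the cache and updating Java removes it.
            java_cache += 1
        else:
            other.append(path)  # anything else deserves a manual look
    return {"families": dict(Counter(f for _, f in findings)),
            "infected_backup_sets": sorted(backup_sets),
            "java_cache_hits": java_cache, "other": other}
```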
22.05.2012, 10:04
Member

Thread starter
Levanael

Posts: 71
#29 ok, will do...

avira had 4 detections .. think they were trojans... put them in quarantine and then deleted them
22.05.2012, 11:05
Moderator

Posts: 5694
#30 AntiVir - copying out the detections

Right-click the AntiVir umbrella in the taskbar => start AntiVir => Overview => Events
Click on Type so that the events are sorted by type.
Select each detection (not all events, only detections) => right-click the detections => Export event(s)
and save as Ereignisse.txt on the desktop, then post the contents here.