Virus,Malware auf PC

Schlag · 31.03.2011, 17:48

Hallo Zusammen,

Ich und mein PC brauchen Hilfe. Nach GData TotalCare2011/AVIRA Meldungen das ein TB/... und so weiter auf meinem Rechner ist habe ich versch. Programme wie: Malwarebytes / Spywarefighter / Trojan Remover versucht. Diese haben keine Viren mehr gefunden aber ein grosses Problem bleibt nach wievor. Und zwar kann ich den InternetExplorer nicht mehr öffnen und mein PC is sau langsam und so anders.

Ich habe natürlich: Für alle Hilfesuchenden- gelesen und Load.exe ausgeführt.

Ging alles promt und gut.

So hier nun mein LOGFile

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 31.03.2011 18:04:49 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\DS\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 353,77 Gb Free Space | 59,35% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 232,79 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
 
Computer Name: DS-PC | User Name: DS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.31 17:57:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DS\Desktop\OTL.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.24 14:45:07 | 000,797,848 | ---- | M] (Preventon Technologies Limited) -- C:\Programme\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
PRC - [2010.12.24 14:45:07 | 000,093,328 | ---- | M] (Preventon Technologies Limited) -- C:\Programme\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
PRC - [2010.08.27 07:40:00 | 001,178,184 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2010.08.26 12:25:16 | 001,538,120 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe
PRC - [2010.08.26 00:41:56 | 001,607,344 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe
PRC - [2010.08.26 00:28:20 | 001,330,792 | ---- | M] () -- C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe
PRC - [2010.08.25 23:51:44 | 000,340,552 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe
PRC - [2010.03.31 16:06:48 | 000,410,696 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVK\AVKService.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.31 17:57:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DS\Desktop\OTL.exe
MOD - [2011.03.27 20:21:03 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcr90.dll
MOD - [2011.03.27 20:21:03 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcp90.dll
MOD - [2011.03.27 20:20:56 | 000,159,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4974_none_51cdc180bbe4500f\ATL90.dll
MOD - [2011.03.27 10:36:16 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010.03.25 11:25:22 | 004,222,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL
MOD - [2010.03.25 04:45:24 | 008,945,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\1031\GrooveIntlResource.dll
MOD - [2010.03.03 02:24:24 | 000,467,768 | ---- | M] (SmartSoft Ltd.) -- C:\Programme\SmartFTP Client\sfShellTools.dll
MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.05 17:15:28 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.24 15:01:28 | 001,141,896 | ---- | M] (SPAMfighter ApS) [Disabled | Stopped] -- C:\Programme\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2010.12.24 14:45:07 | 000,797,848 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe -- (AV Engine Scanning Service)
SRV - [2010.12.24 14:45:07 | 000,093,328 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe -- (AV Watch Service)
SRV - [2010.08.27 07:40:00 | 001,178,184 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2010.08.26 00:41:56 | 001,607,344 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2010.08.26 00:28:20 | 001,330,792 | ---- | M] () [Auto | Running] -- C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2010.08.25 23:51:44 | 000,340,552 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2010.06.15 21:54:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.06.14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.05.05 08:26:22 | 000,901,192 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\G Data\TotalCare\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2010.03.31 16:06:48 | 000,410,696 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\TotalCare\AVK\AVKService.exe -- (AVKService)
SRV - [2010.03.25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.03.10 18:06:12 | 000,867,080 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.08 02:17:54 | 000,934,984 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\G Data\TotalCare\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2009.12.16 19:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.09.06 07:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.07.30 22:20:04 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.27 22:36:25 | 000,047,560 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2011.03.27 22:34:06 | 000,062,024 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2011.03.27 22:34:06 | 000,038,856 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2011.03.27 22:34:06 | 000,033,480 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2011.03.27 22:22:27 | 000,029,992 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2011.03.27 21:39:30 | 000,040,904 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2011.01.08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.12.24 14:45:10 | 000,010,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfsfilter.sys -- (AVFSFilter)
DRV - [2010.05.01 00:52:53 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.05.01 00:52:52 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.02.26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.07.28 21:01:26 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009.07.28 19:38:00 | 000,049,016 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009.07.27 21:09:28 | 000,055,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009.07.24 12:31:58 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.07 22:38:34 | 000,168,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009.06.19 10:57:20 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009.06.19 10:56:48 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009.06.17 12:59:46 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009.02.03 17:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.07.10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.08.13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.04.19 01:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 18:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/ig?hl=de&amp;source=iglk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 E0 63 42 39 5A CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.11.17 23:17:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.11.17 23:17:42 | 000,000,000 | ---D | M]
 
[2009.11.20 19:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DS\AppData\Roaming\mozilla\Extensions
[2009.11.20 19:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DS\AppData\Roaming\mozilla\Firefox\Profiles\iublh5t2.default\extensions
[2009.11.20 18:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.11.03 04:14:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.03 04:14:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.11.03 04:14:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.11.03 04:14:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.03 04:14:39 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKCU..\Run: [] File not found
O4 - Startup: C:\Users\DS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-ch/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4cb418c1-c628-11de-9e4c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4cb418c1-c628-11de-9e4c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dc925883-efe1-11de-8978-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc925883-efe1-11de-8978-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe - (TOSHIBA CORPORATION.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: CAHeadless - hkey= - key= - C:\Programme\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ITSecMng - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SWPROguard - hkey= - key= - C:\Programme\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.31 18:00:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.31 17:59:44 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.03.31 17:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.03.31 17:57:24 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\DS\Desktop\Erunt-setup.exe
[2011.03.31 17:57:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\DS\Desktop\OTL.exe
[2011.03.31 17:57:21 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\DS\Desktop\TFC.exe
[2011.03.29 22:09:57 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Local\G DATA
[2011.03.27 22:22:27 | 000,029,992 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2011.03.27 21:40:09 | 000,047,560 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2011.03.27 21:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data TotalCare 2011
[2011.03.27 21:39:58 | 000,038,856 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011.03.27 21:39:33 | 000,062,024 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011.03.27 21:39:33 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011.03.27 21:39:30 | 000,040,904 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011.03.27 21:38:27 | 000,000,000 | ---D | C] -- C:\Programme\G Data
[2011.03.27 21:38:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\G Data
[2011.03.27 21:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2011.03.27 21:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2011.03.27 21:23:24 | 000,000,000 | ---D | C] -- C:\Programme\Fighters
[2011.03.27 21:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2011.03.27 21:23:24 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Common Toolkit Suite
[2011.03.27 21:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2011.03.27 21:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2011.03.27 21:21:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}
[2011.03.27 21:21:15 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Roaming\Fighters
[2011.03.27 21:21:14 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Local\PackageAware
[2011.03.27 20:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.03.27 20:36:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server
[2011.03.27 20:32:50 | 000,000,000 | ---D | C] -- C:\Users\DS\Documents\Visual Studio 2010
[2011.03.27 20:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011.03.27 20:30:05 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 10.0
[2011.03.27 20:30:05 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SDKs
[2011.03.27 20:30:05 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Help Viewer
[2011.03.27 20:09:02 | 000,000,000 | ---D | C] -- C:\Users\DS\Documents\Simply Super Software
[2011.03.27 20:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011.03.27 20:08:54 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2011.03.27 20:08:54 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Roaming\Simply Super Software
[2011.03.27 20:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011.03.27 19:56:47 | 000,000,000 | ---D | C] -- C:\Users\DS\Pavark
[2011.03.27 19:54:08 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live Safety Center
[2011.03.27 19:25:09 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2011.03.27 19:25:09 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.03.26 22:46:16 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Roaming\Malwarebytes
[2011.03.26 22:46:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.26 22:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.26 22:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.26 22:45:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.26 22:45:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.26 21:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011.03.26 21:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.03.26 21:46:42 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2011.03.26 21:46:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2011.03.26 21:46:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2011.03.26 21:46:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2011.03.26 21:45:30 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2011.03.26 21:44:45 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2011.03.26 21:44:07 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Local\Microsoft Help
[2011.03.26 21:43:40 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2011.03.26 21:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.03.26 21:42:20 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.03.26 19:01:31 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Local\LAG
[2011.03.26 19:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\LAG
[2011.03.26 12:20:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.03.24 20:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2011.03.24 20:24:04 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Othello
[2011.03.24 20:23:50 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\System Programme
[2011.03.24 20:22:29 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Dokumente
[2011.03.24 20:21:12 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Ferien
[2011.03.24 20:19:42 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\CAD & Zeichnen
[2011.03.24 20:19:22 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Steuern
[2011.03.24 20:18:48 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Install Dateien
[2011.03.24 20:18:34 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Musik
[2011.03.24 20:18:12 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Handy
[2011.03.24 20:16:57 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Games
[2011.03.24 20:16:52 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Aquarium
[2011.03.24 20:16:49 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Moto & Sport
[2011.03.24 20:16:46 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Video
[2011.03.24 20:16:44 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Bilder
[2011.03.24 20:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TOSHIBA
[2011.03.24 20:12:23 | 000,000,000 | ---D | C] -- C:\Users\DS\Documents\Bluetooth
[2011.03.24 20:11:43 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Local\Toshiba
[2011.03.24 20:07:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth
[2011.03.24 20:06:51 | 000,000,000 | ---D | C] -- C:\Programme\Toshiba
[2011.03.19 10:18:08 | 000,000,000 | ---D | C] -- C:\Users\DS\Documents\Architecture CAD
[2011.03.18 19:45:48 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Local\Apple Computer
[2011.03.18 19:45:47 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Roaming\Apple Computer
[2011.03.18 19:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.18 19:45:10 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.18 19:45:09 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.18 19:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.03.18 19:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.03.18 19:44:43 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2011.03.18 19:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.03.18 19:44:37 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2011.03.18 19:44:37 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Local\Apple
[2011.03.18 19:44:04 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.03.18 19:43:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2011.03.18 19:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.03.06 10:55:46 | 000,000,000 | ---D | C] -- C:\Users\DS\Documents\SpellForce2
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.31 18:00:01 | 000,001,078 | ---- | M] () -- C:\Users\DS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.31 17:59:45 | 000,000,898 | ---- | M] () -- C:\Users\DS\Desktop\NTREGOPT.lnk
[2011.03.31 17:59:45 | 000,000,879 | ---- | M] () -- C:\Users\DS\Desktop\ERUNT.lnk
[2011.03.31 17:57:24 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\DS\Desktop\Erunt-setup.exe
[2011.03.31 17:57:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DS\Desktop\OTL.exe
[2011.03.31 17:57:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\DS\Desktop\TFC.exe
[2011.03.31 17:57:20 | 000,301,568 | ---- | M] () -- C:\Users\DS\Desktop\g2m3e4r.exe
[2011.03.31 17:54:44 | 000,699,642 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.31 17:54:44 | 000,654,354 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.31 17:54:44 | 000,148,438 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.31 17:54:44 | 000,121,226 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.31 17:48:54 | 000,377,280 | ---- | M] () -- C:\Users\DS\Desktop\Load.exe
[2011.03.31 17:46:55 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.31 17:46:55 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.31 17:39:43 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.31 17:39:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.31 17:39:24 | 2408,882,176 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.31 17:39:23 | 288,030,969 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.03.30 20:39:03 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.29 22:14:13 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.03.27 22:36:25 | 000,047,560 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2011.03.27 22:34:06 | 000,062,024 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011.03.27 22:34:06 | 000,038,856 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011.03.27 22:34:06 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011.03.27 22:22:27 | 000,029,992 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2011.03.27 21:39:59 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\G Data TotalCare 2011.lnk
[2011.03.27 21:39:30 | 000,040,904 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011.03.27 21:23:26 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2011.03.27 20:08:58 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.03.27 19:25:09 | 000,002,949 | ---- | M] () -- C:\Users\DS\Desktop\HiJackThis.lnk
[2011.03.27 10:36:16 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.03.26 22:46:01 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.26 22:14:59 | 000,415,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.26 22:03:21 | 002,027,520 | ---- | M] () -- C:\Users\DS\Documents\Posten.accdb
[2011.03.26 21:47:27 | 000,003,231 | ---- | M] () -- C:\Users\DS\Desktop\Microsoft Outlook 2010.lnk
[2011.03.26 21:47:27 | 000,003,095 | ---- | M] () -- C:\Users\DS\Desktop\Microsoft PowerPoint 2010.lnk
[2011.03.26 21:47:27 | 000,003,029 | ---- | M] () -- C:\Users\DS\Desktop\Microsoft Word 2010.lnk
[2011.03.26 21:47:27 | 000,002,981 | ---- | M] () -- C:\Users\DS\Desktop\Microsoft OneNote 2010.lnk
[2011.03.26 21:47:26 | 000,003,047 | ---- | M] () -- C:\Users\DS\Desktop\Microsoft Excel 2010.lnk
[2011.03.26 21:47:26 | 000,002,965 | ---- | M] () -- C:\Users\DS\Desktop\Microsoft Access 2010.lnk
[2011.03.24 20:28:37 | 000,003,120 | ---- | M] () -- C:\Windows\System32\ALLFSAF8a.ocx
[2011.03.24 20:16:01 | 000,000,982 | ---- | M] () -- C:\Users\DS\Desktop\Bluetooth-Informationsaustausch.lnk
[2011.03.24 20:12:46 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.03.13 13:36:01 | 000,009,241 | ---- | M] () -- C:\Users\DS\Desktop\Anleitung.html
 
========== Files Created - No Company Name ==========
 
[2011.03.31 18:00:01 | 000,001,078 | ---- | C] () -- C:\Users\DS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.31 17:59:45 | 000,000,898 | ---- | C] () -- C:\Users\DS\Desktop\NTREGOPT.lnk
[2011.03.31 17:59:45 | 000,000,879 | ---- | C] () -- C:\Users\DS\Desktop\ERUNT.lnk
[2011.03.31 17:57:20 | 000,301,568 | ---- | C] () -- C:\Users\DS\Desktop\g2m3e4r.exe
[2011.03.31 17:52:24 | 000,377,280 | ---- | C] () -- C:\Users\DS\Desktop\Load.exe
[2011.03.27 21:39:59 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\G Data TotalCare 2011.lnk
[2011.03.27 21:23:26 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2011.03.27 20:45:49 | 288,030,969 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.03.27 20:08:58 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.03.27 20:08:56 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.03.27 20:08:56 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011.03.27 20:08:56 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.03.27 20:08:56 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011.03.27 19:25:09 | 000,002,949 | ---- | C] () -- C:\Users\DS\Desktop\HiJackThis.lnk
[2011.03.27 10:36:16 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.03.26 22:46:01 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.26 22:03:04 | 002,027,520 | ---- | C] () -- C:\Users\DS\Documents\Posten.accdb
[2011.03.26 21:47:27 | 000,003,231 | ---- | C] () -- C:\Users\DS\Desktop\Microsoft Outlook 2010.lnk
[2011.03.26 21:47:27 | 000,003,095 | ---- | C] () -- C:\Users\DS\Desktop\Microsoft PowerPoint 2010.lnk
[2011.03.26 21:47:27 | 000,003,029 | ---- | C] () -- C:\Users\DS\Desktop\Microsoft Word 2010.lnk
[2011.03.26 21:47:27 | 000,002,981 | ---- | C] () -- C:\Users\DS\Desktop\Microsoft OneNote 2010.lnk
[2011.03.26 21:47:26 | 000,003,047 | ---- | C] () -- C:\Users\DS\Desktop\Microsoft Excel 2010.lnk
[2011.03.26 21:47:26 | 000,002,965 | ---- | C] () -- C:\Users\DS\Desktop\Microsoft Access 2010.lnk
[2011.03.26 19:48:30 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.03.24 20:28:37 | 000,003,120 | ---- | C] () -- C:\Windows\System32\ALLFSAF8a.ocx
[2011.03.24 20:16:00 | 000,000,982 | ---- | C] () -- C:\Users\DS\Desktop\Bluetooth-Informationsaustausch.lnk
[2011.03.18 19:44:37 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.03.13 13:41:20 | 000,009,241 | ---- | C] () -- C:\Users\DS\Desktop\Anleitung.html
[2011.01.01 00:11:00 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.12.24 14:45:10 | 000,010,264 | ---- | C] () -- C:\Windows\System32\drivers\avfsfilter.sys
[2010.11.07 20:37:51 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2010.11.07 20:37:51 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.05.01 00:52:53 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.05.01 00:52:52 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.03.10 18:33:13 | 000,005,632 | ---- | C] () -- C:\Users\DS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.27 21:08:11 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.12.26 15:25:21 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2009.12.25 09:02:34 | 000,036,432 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.14 10:47:43 | 000,699,642 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,148,438 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,415,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,654,354 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,121,226 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.10 18:30:10 | 000,372,736 | ---- | C] () -- C:\Windows\System32\Mss32.dll
[2004.08.13 10:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
 
========== LOP Check ==========
 
[2009.11.03 17:42:06 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\BlackBean
[2010.01.02 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Capcom
[2009.11.20 18:52:42 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Daoisoft
[2010.02.05 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\EasyTax
[2011.03.27 21:21:20 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Fighters
[2009.11.03 22:15:53 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Leadertech
[2010.08.30 16:48:02 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\No Company Name
[2010.11.17 23:36:32 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Nokia
[2010.11.17 23:36:33 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Nokia Ovi Suite
[2010.11.17 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\PC Suite
[2009.12.26 19:10:53 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Red Alert 3
[2011.03.27 20:08:54 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Simply Super Software
[2010.05.01 12:15:51 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Ubisoft
[2011.01.25 20:05:10 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.10.31 16:39:42 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.05.01 12:14:38 | 000,000,000 | ---D | M] -- C:\ANNO 1404
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.10.16 13:51:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.10.16 14:35:14 | 000,000,000 | ---D | M] -- C:\Intel
[2010.12.07 18:14:51 | 000,000,000 | ---D | M] -- C:\Landwirtschafts Simulator 2011
[2010.10.24 16:05:48 | 000,000,000 | ---D | M] -- C:\mafia
[2011.03.26 21:42:20 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.10.16 14:23:57 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.03.31 17:59:44 | 000,000,000 | R--D | M] -- C:\Programme
[2009.10.27 22:48:33 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.03.29 22:40:34 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.10.16 13:51:30 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.10.31 16:39:26 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.03.30 18:47:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.10.31 16:39:34 | 000,000,000 | R--D | M] -- C:\Users
[2011.03.31 18:00:29 | 000,000,000 | ---D | M] -- C:\Windows
[2011.03.29 22:52:34 | 000,000,000 | ---D | M] -- C:\Windows.old
[2011.01.26 19:24:19 | 000,000,000 | ---D | M] -- C:\World of Warcraft
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-25 16:44:22
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
 
< End of report >

--- --- ---

--------------------------------------------------------------------------
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-31 18:28:19
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD6401AALS-00L3B2 rev.01.03B01
Running: g2m3e4r.exe; Driver: C:\Users\DS\AppData\Local\Temp\pxldapoc.sys
 
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C85589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAA092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA3A3B300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA3A80300, 0x1BEE, 0xE8000020]
PAGE peauth.sys A3A90E20 101 Bytes JMP 60DA9B04 
 
---- User code sections - GMER 1.0.15 ----
 
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtProtectVirtualMemory 770551C0 5 Bytes JMP 0021000A 
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory 77055D40 5 Bytes JMP 0022000A 
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!KiUserExceptionDispatcher 77056298 5 Bytes JMP 001F000A 
.text C:\Windows\system32\svchost.exe[1100] ole32.dll!CoCreateInstance 7577590C 5 Bytes JMP 0047000A 
.text C:\Windows\system32\svchost.exe[1100] USER32.dll!GetCursorPos 7588C198 5 Bytes JMP 00E7000A 
.text C:\Windows\system32\svchost.exe[1100] USER32.dll!GetForegroundWindow 7589565D 5 Bytes JMP 00EA000A 
.text C:\Windows\system32\svchost.exe[1100] USER32.dll!WindowFromPoint 758B6D0C 5 Bytes JMP 00E9000A 
.text C:\Windows\explorer.exe[5032] ntdll.dll!NtProtectVirtualMemory 770551C0 5 Bytes JMP 0029000A 
.text C:\Windows\explorer.exe[5032] ntdll.dll!NtWriteVirtualMemory 77055D40 5 Bytes JMP 002A000A 
.text C:\Windows\explorer.exe[5032] ntdll.dll!KiUserExceptionDispatcher 77056298 5 Bytes JMP 0017000A 
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 
Device \Device\Ide\IdeDeviceP2T0L0-2 -> \??\IDE#DiskWDC_WD6401AALS-00L3B2___________________01.03B01#5&7555648&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f95dd 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f95dd (not active ControlSet) 
 
---- Disk sectors - GMER 1.0.15 ----
 
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
 
---- EOF - GMER 1.0.15 ----[/QUOTE]

--- --- ---

Ich habe nicht viel Ahnung von Viren und dessen löschungen.

Ich hoffe ich habe nichts vergessen.

Ihr seid meine letzte Chance.

jetzt schon für eure Bemühungen!!

Gruss der Schlag

cosinus · 31.03.2011, 18:35

Zitat:

Programme wie: Malwarebytes / Spywarefighter / Trojan Remover versucht. Diese haben keine Viren mehr gefunden

Bitte ALLE Logs von Malwarebytes posten.

Schlag · 31.03.2011, 21:18

Ich habe ein aktuellen erstellt mit Quickscan

Die alten Scans sind dem Identisch:

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6177

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

31.03.2011 22:08:08
mbam-log-2011-03-31 (22-08-08).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161970
Laufzeit: 5 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 01.04.2011, 12:59

Zitat:

Art des Suchlaufs: Quick-Scan

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Schlag · 03.04.2011, 06:36

Hallo,

Nein ich habe keine alten Logs. Und Vollscan Log ist identisch mit dem von mir geposteten!! Ich kann dir nichts bringen. Aber sieht man in den Logs von OTL und GMAR nichts? was soll ich sonst für Logs erstellen? Malwarebyts zeigt bei mir garnix an! (Somit unbrauchbar)

Mein PC läuft einfach fast nicht mehr und habe kein Browser zum Öffnen!

Was kann ich machen das ich wider Arbeiten kann!??

Gruss

cosinus · 03.04.2011, 14:13

Poste bitte trotzdem das Log vom Vollscan! Da stehen noch weitere Infos drin!

Schlag · 03.04.2011, 16:24

Habe ich jetzt 10 mal versucht. geht ned! Der Virus lässt vorher immer das system abstürzen. habs auch Offline/abgesicherter modus und so weiter versucht..

Steht da nix drinne in den Logfiles??? Ich weiss nicht mehr was zu tun ist. Ich bin jetzt über ne Woche dran. All die behinderten Virus Ersteller sollen doch

Es wird von Tag zu Tag schlimmer. Malware: TB/ irgand was.. kann ich die ned löschen??

cosinus · 03.04.2011, 16:29

Was genau geht nicht, an welche Stelle genau stürzt das System ab?

Schlag · 03.04.2011, 17:53

Bluescreen nach 10 min oder 20 oder 30 oder 40 auch nach 1 Std. isser schon abgestürtzt.
Willkühr. Auch wenn ich versuche den Explorer oder das Inet zu öffnen. kann es sein das er tilt.

kurz vorher kann auch nicht gesehen werdern, welche Objekte durchsucht werden. geht ja zu schnell

Der GData TotalCare findet keine Maleware. den konnte ich sogleich lauffen lassen..

Gruss

cosinus · 03.04.2011, 17:58

Probier den Vollscan von Malwarebytes mal bitte im abgesicherten Modus von Windows.

Schlag · 03.04.2011, 18:23

habe ich doch bereits versucht. also habe jetzt mal frisch gestartet und bis jetzt läuft der vollscan 1std50min mal schaun ob er es jetzt schafft

Gruss

Schlag · 03.04.2011, 19:26

Ich habe ein Scan durchgebracht!!
Hier den Log:

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6253

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

03.04.2011 19:55:57
mbam-log-2011-04-03 (19-55-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 409778
Laufzeit: 2 Stunde(n), 23 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 03.04.2011, 19:43

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
[2010.08.30 16:48:02 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\No Company Name
[2011.03.24 20:28:37 | 000,003,120 | ---- | C] () -- C:\Windows\System32\ALLFSAF8a.ocx
[2011.03.18 19:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.03.27 21:21:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4cb418c1-c628-11de-9e4c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4cb418c1-c628-11de-9e4c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dc925883-efe1-11de-8978-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc925883-efe1-11de-8978-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
O4 - HKCU..\Run: [] File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Schlag · 05.04.2011, 20:41

Hallo,

So hatte heute Zeit das zu machen.

Also hab das OTL gefixt und hatte auch OK zu drücken, es hat das System neugestartet.

Zitat:

All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
C:\Users\DS\AppData\Roaming\No Company Name\No Client Name\No Client Internal Version folder moved successfully.
C:\Users\DS\AppData\Roaming\No Company Name\No Client Name folder moved successfully.
C:\Users\DS\AppData\Roaming\No Company Name folder moved successfully.
C:\Windows\System32\ALLFSAF8a.ocx moved successfully.
C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\Windows\winsxs\vxgs54we.kj4 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\Windows\winsxs\Policies\uxgs54we.kj4 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\Windows\winsxs\Policies folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\Windows\winsxs\Manifests folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\Windows\winsxs\b2rg91xw.1p4 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\Windows\winsxs\92rg91xw.1p4 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\Windows\winsxs folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\Windows\system32 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\Windows folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\mWinRun.dll folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\mMSI.dll folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\mIDEFunc.dll folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\mDown.dll folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\FC4C988\D5E99562 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\FC4C988 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\F85D8989\DCD507AB folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\F85D8989 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\F78802CF\CB4D3653 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\F78802CF folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\F674BBD9\DCD507AB folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\F674BBD9 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\EC669005\18732F2A folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\EC669005 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\E7E1DC0A\CB4D3653 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\E7E1DC0A folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\DB5AB443\40374F81 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\DB5AB443 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\DA1880DD\B227C759 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\DA1880DD\4E660F52 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\DA1880DD folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\B510A09A\CB4D3653 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\B510A09A folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\A8A33BA\CB4D3653 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\A8A33BA folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\A3F795A0\DCD507AB folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\A3F795A0 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\9BB8FD70\CB4D3653 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\9BB8FD70 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\81CDDA48\18732F2A folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\81CDDA48 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\7B4591B7\40374F81 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\7B4591B7 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\79D5CCD5\CB4D3653 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\79D5CCD5 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\6ED4E8D4\18732F2A folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\6ED4E8D4 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\4B2E2F92\B17F3E1E folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\4B2E2F92 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\384C3814\CB4D3653 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\384C3814 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\3423D82A\D93F42C2 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\3423D82A folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\31C23F9\7C25F986 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\31C23F9 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\27467486\40374F81 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\27467486 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\1B2BFE9\40374F81 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE\1B2BFE9 folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}\OFFLINE folder moved successfully.
C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404} folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cb418c1-c628-11de-9e4c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cb418c1-c628-11de-9e4c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cb418c1-c628-11de-9e4c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cb418c1-c628-11de-9e4c-806e6f6e6963}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc925883-efe1-11de-8978-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc925883-efe1-11de-8978-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc925883-efe1-11de-8978-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc925883-efe1-11de-8978-806e6f6e6963}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\ not found.
File E:\SETUP.EXE not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DS
->Temp folder emptied: 1259928 bytes
->Temporary Internet Files folder emptied: 206654 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2285248 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04052011_212714

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\yu6jw28m.vbt not found!

Registry entries deleted on Reboot...

Was habe ich jetzt zu tun?

Vielen Dank für deine raschen Antworten!! Wirklich ein super Service!

Gruss

cosinus · 06.04.2011, 08:41

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

03.04.2011, 14:13	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus,Malware auf PC Poste bitte trotzdem das Log vom Vollscan! Da stehen noch weitere Infos drin! __________________ --> Virus,Malware auf PC

03.04.2011, 16:29	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus,Malware auf PC Was genau geht nicht, an welche Stelle genau stürzt das System ab? __________________ Logfiles bitte immer in CODE-Tags posten

03.04.2011, 17:58	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus,Malware auf PC Probier den Vollscan von Malwarebytes mal bitte im abgesicherten Modus von Windows. __________________ Logfiles bitte immer in CODE-Tags posten

Virus,Malware auf PC

Log-Analyse und Auswertung: Virus,Malware auf PC