
Log analysis and evaluation: Hard disk damaged. Private data is at risk. Windows 7 Recovery in English

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.05.2011, 23:47   #1
kermit44
 

Good evening,

I have caught a Trojan. Windows error messages appear constantly and Windows 7 Recovery (in English) starts automatically.
I have already run unhide and Malwarebytes.
After that I started OTL. I saw in other posts that something else should be entered into the text box, so I did that. Maybe that helps things along faster. OTL Logfile:
Code:
OTL logfile created on: 21.05.2011 23:31:58 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Alex\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 203,05 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
 
Computer Name: HDNETBOOK | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alex\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\26337016.exe (Microsoft Corporation)
PRC - C:\ProgramData\oVlLshwOTG.exe (Microsoft Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Users\Alex\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Alex\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1109&m=aspire_7735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1109&m=aspire_7735
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-349433845-2558389677-3379201677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1109&m=aspire_7735
IE - HKU\S-1-5-21-349433845-2558389677-3379201677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-349433845-2558389677-3379201677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-349433845-2558389677-3379201677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-349433845-2558389677-3379201677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-349433845-2558389677-3379201677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis
IE - HKU\S-1-5-21-349433845-2558389677-3379201677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-349433845-2558389677-3379201677-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-349433845-2558389677-3379201677-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-349433845-2558389677-3379201677-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60222
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {47E31375-EDAF-4551-8676-BB130487260A}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.13 20:05:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 17:55:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 17:55:36 | 000,000,000 | ---D | M]
 
[2010.07.06 16:59:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2011.05.21 15:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\xf7a914m.default\extensions
[2011.04.27 22:57:32 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\xf7a914m.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.08.06 17:08:41 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\xf7a914m.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.27 22:57:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\xf7a914m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.21 15:22:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\xf7a914m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.06 16:59:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\xf7a914m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.13 17:04:10 | 000,002,253 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xf7a914m.default\searchplugins\askcom.xml
[2011.01.10 22:25:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.10 22:25:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.07.06 16:50:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011.01.10 22:25:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.05.13 23:52:47 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ALEX\APPDATA\LOCAL\{47E31375-EDAF-4551-8676-BB130487260A}
[2010.07.06 16:53:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.28 22:46:51 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.28 22:46:51 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.28 22:46:51 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.28 22:46:51 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.28 22:46:51 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-349433845-2558389677-3379201677-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-349433845-2558389677-3379201677-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-349433845-2558389677-3379201677-1000..\Run: [oVlLshwOTG] C:\ProgramData\oVlLshwOTG.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-349433845-2558389677-3379201677-1000..\Run: [Uyuzikapawogepuk] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-349433845-2558389677-3379201677-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-349433845-2558389677-3379201677-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.21 23:12:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011.05.21 22:18:19 | 000,344,576 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\26337016.exe
[2011.05.21 22:06:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2011.05.21 22:05:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.21 22:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.21 22:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.21 22:05:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.21 22:05:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.21 22:04:55 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alex\Desktop\mbam-setup.exe
[2011.05.21 16:30:31 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011.05.21 16:21:06 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\oVlLshwOTG.exe
[2011.05.13 23:52:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{47E31375-EDAF-4551-8676-BB130487260A}
[2011.05.11 20:24:27 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.05.11 20:24:27 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.05.07 00:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.04.30 15:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ETS
[2011.04.30 15:43:22 | 000,000,000 | ---D | C] -- C:\Programme\ETS
[2011.04.30 15:25:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Downloaded Installations
[2009.11.09 05:22:59 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.21 23:17:57 | 000,005,872 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.21 23:17:56 | 000,005,872 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.21 23:12:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011.05.21 23:02:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.21 23:02:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.21 22:37:15 | 000,606,104 | ---- | M] () -- C:\Users\Alex\Desktop\unhide(3).exe
[2011.05.21 22:33:06 | 000,606,104 | ---- | M] () -- C:\Users\Alex\Desktop\unhide.exe
[2011.05.21 22:31:10 | 000,606,104 | ---- | M] () -- C:\Users\Alex\Desktop\unhide(2).exe
[2011.05.21 22:18:26 | 000,000,144 | ---- | M] () -- C:\ProgramData\~26337016r
[2011.05.21 22:18:26 | 000,000,120 | ---- | M] () -- C:\ProgramData\~26337016
[2011.05.21 22:18:21 | 000,000,336 | ---- | M] () -- C:\ProgramData\26337016
[2011.05.21 22:18:19 | 000,344,576 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\26337016.exe
[2011.05.21 22:17:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.21 22:17:34 | 2411,859,968 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.21 22:05:44 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.21 22:05:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alex\Desktop\mbam-setup.exe
[2011.05.21 21:31:37 | 000,000,120 | ---- | M] () -- C:\Users\Alex\AppData\Local\Hfizulicaken.dat
[2011.05.21 16:30:33 | 000,000,144 | ---- | M] () -- C:\ProgramData\~31907576r
[2011.05.21 16:30:33 | 000,000,120 | ---- | M] () -- C:\ProgramData\~31907576
[2011.05.21 16:30:32 | 000,000,639 | ---- | M] () -- C:\Users\Alex\Desktop\Windows 7 Recovery.lnk
[2011.05.21 16:30:14 | 000,000,336 | ---- | M] () -- C:\ProgramData\31907576
[2011.05.21 16:21:06 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\oVlLshwOTG.exe
[2011.05.21 10:01:30 | 000,000,000 | ---- | M] () -- C:\Users\Alex\AppData\Local\Gpaputiholuracan.bin
 
========== Files Created - No Company Name ==========
 
[2011.05.21 22:37:15 | 000,606,104 | ---- | C] () -- C:\Users\Alex\Desktop\unhide(3).exe
[2011.05.21 22:36:06 | 000,002,489 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.05.21 22:36:06 | 000,002,439 | ---- | C] () -- C:\Users\Public\Desktop\Orion.lnk
[2011.05.21 22:36:06 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 5.0.lnk
[2011.05.21 22:36:06 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\MyWinLocker.lnk
[2011.05.21 22:36:06 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2011.05.21 22:36:06 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.05.21 22:36:06 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.05.21 22:36:06 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.21 22:36:06 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2011.05.21 22:36:06 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.05.21 22:36:05 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.05.21 22:36:05 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk
[2011.05.21 22:36:05 | 000,001,313 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011.05.21 22:36:05 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.21 22:33:06 | 000,606,104 | ---- | C] () -- C:\Users\Alex\Desktop\unhide.exe
[2011.05.21 22:31:07 | 000,606,104 | ---- | C] () -- C:\Users\Alex\Desktop\unhide(2).exe
[2011.05.21 22:18:26 | 000,000,144 | ---- | C] () -- C:\ProgramData\~26337016r
[2011.05.21 22:18:26 | 000,000,120 | ---- | C] () -- C:\ProgramData\~26337016
[2011.05.21 22:18:21 | 000,000,336 | ---- | C] () -- C:\ProgramData\26337016
[2011.05.21 16:30:33 | 000,000,144 | ---- | C] () -- C:\ProgramData\~31907576r
[2011.05.21 16:30:33 | 000,000,120 | ---- | C] () -- C:\ProgramData\~31907576
[2011.05.21 16:30:32 | 000,000,639 | ---- | C] () -- C:\Users\Alex\Desktop\Windows 7 Recovery.lnk
[2011.05.21 16:30:14 | 000,000,336 | ---- | C] () -- C:\ProgramData\31907576
[2011.05.13 23:52:48 | 000,000,120 | ---- | C] () -- C:\Users\Alex\AppData\Local\Hfizulicaken.dat
[2011.05.13 23:52:48 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\Gpaputiholuracan.bin
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.01.14 18:43:08 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll
[2010.12.26 23:28:10 | 000,009,039 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\B612.0DA
[2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.12.17 18:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.07.29 20:24:25 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010.07.29 20:14:01 | 000,000,024 | ---- | C] () -- C:\Windows\SW_Win9423X24.DLL
[2010.07.28 17:32:14 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.07.13 22:51:46 | 000,006,144 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.13 19:59:27 | 000,187,558 | ---- | C] () -- C:\Windows\hpoins36.dat
[2010.07.09 16:03:00 | 000,001,376 | ---- | C] () -- C:\Windows\System32\dciman13.sys
[2010.07.06 17:07:41 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010.07.06 16:42:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.04.18 21:29:42 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.02.20 19:45:46 | 000,016,452 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\wklnhst.dat
[2010.01.29 22:09:17 | 000,000,578 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2009.11.21 21:34:21 | 000,000,048 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.11.14 13:40:21 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.11.09 22:15:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.11.08 21:25:48 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.11.08 21:25:48 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.11.08 21:25:48 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009.11.08 21:25:48 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.11.08 20:50:20 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009.11.08 20:50:20 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009.11.08 20:50:20 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009.11.08 20:50:20 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.11.08 20:50:20 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.11.08 20:50:20 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.07.14 10:47:43 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,334,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008.04.08 15:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[1997.11.17 18:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2010.07.06 16:58:47 | 000,000,000 | -HSD | M] -- C:\Users\Alex\AppData\Roaming\.#
[2010.07.07 14:26:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acer GameZone Console
[2010.07.06 16:58:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Blitware
[2010.07.06 16:58:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2010.08.06 17:08:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.06 16:58:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\eSobi
[2011.01.14 18:19:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FreeFLVConverter
[2010.07.06 16:58:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Gogii Games
[2010.12.31 14:08:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Nokuuc
[2010.10.07 17:24:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PhotoScape
[2010.07.06 16:59:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PlayFirst
[2011.03.27 21:23:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PowerCinema
[2010.12.27 00:54:43 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Puex
[2010.12.28 00:44:20 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\seukvlcmaw
[2010.07.06 16:59:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Shape games
[2011.03.27 22:17:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SoftDMA
[2010.07.06 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sony
[2010.07.06 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Template
[2010.07.06 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Thinstall
[2010.07.06 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TuneUp Software
[2010.07.06 16:59:20 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ubisoft
[2010.02.12 22:01:46 | 000,000,000 | -HSD | M] -- C:\Users\Public.HDnetbook\AppData\Roaming\.#
[2010.07.06 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\Public.HDnetbook\AppData\Roaming\Acer GameZone Console
[2010.07.06 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\Public.HDnetbook\AppData\Roaming\EA
[2010.07.06 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\Public.HDnetbook\AppData\Roaming\eSobi
[2010.07.06 16:58:12 | 000,000,000 | ---D | M] -- C:\Users\Public.HDnetbook\AppData\Roaming\iWin
[2010.07.06 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Public.HDnetbook\AppData\Roaming\PowerCinema
[2010.07.06 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Public.HDnetbook\AppData\Roaming\SoftDMA
[2010.07.06 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Public.HDnetbook\AppData\Roaming\Template
[2010.07.06 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Public.HDnetbook\AppData\Roaming\TuneUp Software
[2011.03.21 22:02:18 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.06 16:58:47 | 000,000,000 | -HSD | M] -- C:\Users\Alex\AppData\Roaming\.#
[2010.07.07 14:26:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acer GameZone Console
[2011.05.21 16:21:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Adobe
[2010.07.06 16:58:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ATI
[2010.12.09 15:02:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Avira
[2010.07.06 16:58:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Blitware
[2010.07.06 16:58:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\CyberLink
[2010.07.06 16:58:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2010.07.06 16:58:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DivX
[2011.03.27 21:19:25 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\dvdcss
[2010.08.06 17:08:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.06 16:58:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\eSobi
[2011.01.14 18:19:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FreeFLVConverter
[2010.07.06 16:58:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Gogii Games
[2010.07.06 16:58:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Google
[2010.07.13 20:23:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\HP
[2010.08.09 18:37:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\HpUpdate
[2010.07.06 16:58:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Identities
[2010.07.06 16:58:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\InstallShield
[2010.07.06 16:58:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Macromedia
[2011.05.21 22:06:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Media Center Programs
[2010.12.27 23:31:10 | 000,000,000 | --SD | M] -- C:\Users\Alex\AppData\Roaming\Microsoft
[2010.07.06 16:59:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mozilla
[2010.12.31 14:08:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Nokuuc
[2010.10.07 17:24:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PhotoScape
[2010.07.06 16:59:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PlayFirst
[2011.03.27 21:23:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PowerCinema
[2010.12.27 00:54:43 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Puex
[2010.07.06 16:59:16 | 000,000,000 | R--D | M] -- C:\Users\Alex\AppData\Roaming\SecuROM
[2010.12.28 00:44:20 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\seukvlcmaw
[2010.07.06 16:59:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Shape games
[2010.07.06 16:59:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Skype
[2010.07.06 16:59:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\skypePM
[2011.03.27 22:17:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SoftDMA
[2010.07.06 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sony
[2010.07.06 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Template
[2010.07.06 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Thinstall
[2010.07.06 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TuneUp Software
[2010.07.06 16:59:20 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\U3
[2010.07.06 16:59:20 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ubisoft
[2011.04.12 23:25:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\vlc
[2011.05.19 23:07:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Winamp
[2009.11.11 19:43:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.09.23 17:37:30 | 000,022,352 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xf7a914m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
[2009.09.23 17:37:30 | 000,034,112 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xf7a914m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
[2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 11:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Alex\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS >
[2009.02.12 03:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver64\IaStor.sys
[2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver\IaStor.sys
[2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e0c941a8b0e04b56\iaStor.sys
[2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_7009a7672ee571e2\iaStor.sys
 
< MD5 for: IASTORV.SYS >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< End of report >
         
--- --- ---


Here is the Extras logfile as well:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 21.05.2011 23:31:58 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Alex\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 203,05 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
 
Computer Name: HDNETBOOK | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-349433845-2558389677-3379201677-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1CA3A991-B03D-4C92-9922-315E5434E87B}" = PS_AIO_05_C4600_Software_Min
"{1E1746EF-F5BF-4677-8F30-04FE399130DA}" = HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{293F82CD-1BE8-03BC-DBAD-903388CFBB62}" = Catalyst Control Center Localization All
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 5.007.01
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CCB314A-B67C-82D0-1CC6-6BC4AE6D053E}" = Catalyst Control Center InstallProxy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{47780EB3-F1C5-EAB3-2F71-E9F4DB117038}" = WMV9/VC-1 Video Playback
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5A4FB792-D98F-409C-24B6-BD2A80D30E3A}" = Catalyst Control Center Graphics Previews Common
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C074912-E427-6A4B-B0C2-6C7A31943175}" = ccc-utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8026256E-BA16-4125-B350-EE6F31E7A638}" = TOEFL Sample Questions
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{86B247F9-1D5E-CCC6-3280-71486D9A4E70}" = ATI Stream SDK v2 Developer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{896C5024-AA39-12E8-D6C2-D818B7E3D58F}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A22BB09-8086-691D-F409-3AF74D9E3BF0}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9C3E86F9-FCB0-16EC-C32F-FAA148B52310}" = ATI Catalyst Install Manager
"{9E0E1E3B-229C-4CF9-8A39-4455477327E4}" = C4600
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{ADEEF3E4-15A4-F286-38EE-675A8EF0212B}" = Catalyst Control Center InstallProxy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B47CF9F5-B948-43E8-BC8D-EECB53D3EC6F}_is1" = Plants vs. Zombies
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0EC61A-02BF-E3E1-D7A8-3DDB7B58FBDF}" = PX Profile Update
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9C13822-A638-4331-99A3-4498A5901693}" = Media Go
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVIConverter" = AVIConverter 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EAX(tm) Unified (SHELL)" = EAX(tm) Unified (SHELL)
"Final Fantasy VII" = Final Fantasy VII
"FINAL FANTASY VIII" = FINAL FANTASY VIII
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"Hardcore" = Hardcore
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"IL Download Manager" = IL Download Manager
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"Kain 2" = Legacy of Kain: Soul Reaver
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"PhotoScape" = PhotoScape
"PoiZone" = PoiZone
"Sakura" = Sakura
"Sawer" = Sawer
"SopCast" = SopCast 3.2.8
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.0.3
"Toxic Biohazard" = Toxic Biohazard
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


Thanks in advance (:

Alt 22.05.2011, 15:01   #2
markusg
/// Malware-holic
 



Hi,
open Malwarebytes, go to Logs, and post all logs.

• Please start OTL.exe.
• Now copy the following into the text box.

Code:
:OTL
PRC - C:\ProgramData\26337016.exe (Microsoft Corporation)
PRC - C:\ProgramData\oVlLshwOTG.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-349433845-2558389677-3379201677-1000..\Run: [oVlLshwOTG] C:\ProgramData\oVlLshwOTG.exe (Microsoft Corporation)
[2011.05.21 16:30:31 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011.05.21 16:21:06 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\oVlLshwOTG.exe
[2011.05.21 22:18:26 | 000,000,144 | ---- | M] () -- C:\ProgramData\~26337016r
[2011.05.21 22:18:26 | 000,000,120 | ---- | M] () -- C:\ProgramData\~26337016
[2011.05.21 22:18:21 | 000,000,336 | ---- | M] () -- C:\ProgramData\26337016
[2011.05.21 22:18:19 | 000,344,576 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\26337016.exe
[2011.05.21 21:31:37 | 000,000,120 | ---- | M] () -- C:\Users\Alex\AppData\Local\Hfizulicaken.dat
[2011.05.21 16:30:33 | 000,000,144 | ---- | M] () -- C:\ProgramData\~31907576r
[2011.05.21 16:30:33 | 000,000,120 | ---- | M] () -- C:\ProgramData\~31907576
[2011.05.21 16:30:32 | 000,000,639 | ---- | M] () -- C:\Users\Alex\Desktop\Windows 7 Recovery.lnk
[2011.05.21 16:30:14 | 000,000,336 | ---- | M] () -- C:\ProgramData\31907576
[2011.05.21 10:01:30 | 000,000,000 | ---- | M] () -- C:\Users\Alex\AppData\Local\Gpaputiholuracan.bin
:Files
C:\ProgramData\oVlLshwOTG.exe
C:\ProgramData\26337016.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.

Open Computer, open C:, then _OTL.
Right-click on "moved files" there.
Choose "Add to moved files.rar" or add it to a zip.
http://www.trojaner-board.de/54791-a...ner-board.html

Alt 22.05.2011, 15:41   #3
kermit44
 



Here is the Malwarebytes log:
Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6636

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.05.2011 16:11:56
mbam-log-2011-05-22 (16-11-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 162657
Laufzeit: 6 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\programdata\26337016.exe (Trojan.Agent) -> 3056 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Uyuzikapawogepuk (Trojan.Agent.U) -> Value: Uyuzikapawogepuk -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\26337016.exe (Trojan.Agent) -> No action taken.
Here is the OTL log:
Quote:
All processes killed
========== OTL ==========
No active process named 26337016.exe was found!
No active process named oVlLshwOTG.exe was found!
Registry value HKEY_USERS\S-1-5-21-349433845-2558389677-3379201677-1000\Software\Microsoft\Windows\CurrentVersion\Run\\oVlLshwOTG deleted successfully.
C:\ProgramData\oVlLshwOTG.exe moved successfully.
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery folder moved successfully.
File C:\ProgramData\oVlLshwOTG.exe not found.
C:\ProgramData\~26337016r moved successfully.
C:\ProgramData\~26337016 moved successfully.
C:\ProgramData\26337016 moved successfully.
File C:\ProgramData\26337016.exe not found.
C:\Users\Alex\AppData\Local\Hfizulicaken.dat moved successfully.
C:\ProgramData\~31907576r moved successfully.
C:\ProgramData\~31907576 moved successfully.
C:\Users\Alex\Desktop\Windows 7 Recovery.lnk moved successfully.
C:\ProgramData\31907576 moved successfully.
C:\Users\Alex\AppData\Local\Gpaputiholuracan.bin moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\oVlLshwOTG.exe not found.
File\Folder C:\ProgramData\26337016.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Alex
->Flash cache emptied: 212119 bytes

User: All Users

User: Default
->Flash cache emptied: 75 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Public.HDnetbook
->Flash cache emptied: 7307 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Alex
->Temp folder emptied: 725412992 bytes
->Temporary Internet Files folder emptied: 49030892 bytes
->Java cache emptied: 48556 bytes
->FireFox cache emptied: 55707675 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Public.HDnetbook
->Temp folder emptied: 145900159 bytes
->Temporary Internet Files folder emptied: 104666384 bytes
->FireFox cache emptied: 109881139 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51942210 bytes
RecycleBin emptied: 958828 bytes

Total Files Cleaned = 1.186,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05222011_162326

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 22.05.2011, 16:01   #4
markusg
/// Malware-holic
 



Thanks for the upload.
Are those all of the Malwarebytes logs?
If not, post all logs that contain detections. Then continue:
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

Alt 22.05.2011, 16:25   #5
kermit44
 



Here is the ComboFix logfile:
Code:
ComboFix 11-05-21.03 - Alex 22.05.2011  17:12:07.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3067.2039 [GMT 2:00]
ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\26795768.exe
c:\users\Alex\AppData\Local\{47E31375-EDAF-4551-8676-BB130487260A}
c:\users\Alex\AppData\Local\{47E31375-EDAF-4551-8676-BB130487260A}\chrome.manifest
c:\users\Alex\AppData\Local\{47E31375-EDAF-4551-8676-BB130487260A}\chrome\content\_cfg.js
c:\users\Alex\AppData\Local\{47E31375-EDAF-4551-8676-BB130487260A}\chrome\content\overlay.xul
c:\users\Alex\AppData\Local\{47E31375-EDAF-4551-8676-BB130487260A}\install.rdf
c:\users\Alex\AppData\Roaming\.#
c:\users\Alex\AppData\Roaming\.#\MBX@17C0@1F12928.###
c:\users\Alex\AppData\Roaming\.#\MBX@17C0@1F12958.###
c:\users\Alex\AppData\Roaming\.#\MBX@17C0@1F12988.###
c:\users\Alex\AppData\Roaming\Adobe\plugs
c:\users\Alex\AppData\Roaming\Adobe\plugs\mmc22833757.txt
c:\users\Alex\AppData\Roaming\Adobe\plugs\mmc22852882.txt
c:\users\Alex\AppData\Roaming\Adobe\plugs\mmc22877484.txt
c:\users\Alex\AppData\Roaming\Adobe\shed
c:\users\Alex\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\Public.HDnetbook\AppData\Roaming\.#
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-22 bis 2011-05-22  ))))))))))))))))))))))))))))))
.
.
2011-05-22 14:23 . 2011-05-22 14:42	--------	d-----w-	C:\_OTL
2011-05-21 20:06 . 2011-05-21 20:06	--------	d--h--w-	c:\users\Alex\AppData\Roaming\Malwarebytes
2011-05-21 20:05 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-21 20:05 . 2011-05-21 20:05	--------	d--h--w-	c:\programdata\Malwarebytes
2011-05-21 20:05 . 2011-05-22 14:11	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-05-21 20:05 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-21 15:01 . 2011-05-21 15:01	--------	d-----w-	c:\users\Public.HDnetbook\AppData\Roaming\Avira
2011-05-11 18:24 . 2011-04-09 06:13	3957632	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-05-11 18:24 . 2011-04-09 06:13	3901824	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-04-30 13:43 . 2011-04-30 13:43	--------	d-----w-	c:\program files\ETS
2011-04-30 13:25 . 2011-04-30 13:25	--------	d--h--w-	c:\users\Alex\AppData\Local\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-09 16:55 . 2011-04-09 16:55	15453336	----a-w-	c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55	13642904	----a-w-	c:\windows\system32\xlivefnt.dll
2011-03-16 20:06 . 2009-11-09 19:32	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-11 05:40 . 2011-04-15 19:19	1164288	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-15 19:19	1137664	----a-w-	c:\windows\system32\mfc42.dll
2011-03-08 05:38 . 2011-04-15 19:19	740864	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-15 19:19	132608	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-15 19:19	28672	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-15 19:19	2331136	----a-w-	c:\windows\system32\win32k.sys
2011-02-24 05:32 . 2011-04-15 19:19	981504	----a-w-	c:\windows\system32\wininet.dll
2011-02-24 05:30 . 2011-04-15 19:19	44544	----a-w-	c:\windows\system32\licmgr10.dll
2011-02-24 04:23 . 2011-04-15 19:19	386048	----a-w-	c:\windows\system32\html.iec
2011-02-24 03:50 . 2011-04-15 19:19	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-02-23 05:06 . 2011-04-15 19:19	311296	----a-w-	c:\windows\system32\drivers\srv.sys
2011-02-23 05:05 . 2011-04-15 19:19	309760	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-02-23 05:05 . 2011-04-15 19:19	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:05 . 2011-04-15 19:19	221696	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:05 . 2011-04-15 19:19	95744	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:05 . 2011-04-15 19:19	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:05 . 2011-04-15 19:19	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2010-07-01 23:28 . 2009-12-18 19:45	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 22:02	120104	---ha-w-	c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-17 156968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-10 281768]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-01 30192]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2009-07-01 37888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-06-21 199488]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-09-17 206120]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-05 691696]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-01 30192]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/11/08 21:17];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-09-18 16:23 87536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-05-20 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-06-23 707104]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 15:04]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 15:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com?o=15003&l=dis
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1109&m=aspire_7735
uInternet Settings,ProxyServer = http=127.0.0.1:60222
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Free YouTube to Mp3 Converter - c:\users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xf7a914m.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,41,32,73,3b,3e,99,44,9f,35,1b,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,41,32,73,3b,3e,99,44,9f,35,1b,\
.
[HKEY_USERS\S-1-5-21-349433845-2558389677-3379201677-1000\Software\SecuROM\License information*]
"datasecu"=hex:b8,73,1f,3f,b4,cc,bb,00,95,1f,9d,12,d8,69,09,8d,d7,ed,7e,1a,15,
   cd,8c,7c,33,59,c2,3b,b4,cd,f9,f3,c6,db,d3,07,20,f8,f5,34,d2,66,17,e8,bc,69,\
"rkeysecu"=hex:80,5d,35,13,38,c0,af,fb,bb,bd,65,13,03,79,b5,d4
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-22  17:21:22
ComboFix-quarantined-files.txt  2011-05-22 15:21
.
Vor Suchlauf: 9 Verzeichnis(se), 218.549.108.736 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 218.057.080.832 Bytes frei
.
- - End Of File - - BDCE170802FCF3F1B5FE6DF33AAC7AB0
         
--- --- ---

Hopefully everything is OK again now. Big thanks


Alt 22.05.2011, 17:08   #6
markusg
/// Malware-holic
 



Open Malwarebytes, go to Logs, and post all logs that contain detections.

Alt 22.05.2011, 23:15   #7
kermit44
 



Here is the Malwarebytes log again. No more infected objects found.

Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6636

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.05.2011 00:11:38
mbam-log-2011-05-23 (00-11-38).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161415
Laufzeit: 4 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 23.05.2011, 12:29   #8
markusg
/// Malware-holic
 



Download CCleaner Slim:
Piriform - Builds
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save it as a .txt file. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not recognize, write "unknown".
Post the list.
