
Pests of all kinds and their removal: Metropolitan Police Virus with OTL.txt


20.06.2011, 15:10   #1
h3nky

Hello, this Trojan got me too.
Here is the data from the OTL.txt;
I hope someone can help me as well.
Thanks a lot in advance.

OTL logfile created on: 6/20/2011 4:16:24 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.64 Gb Total Space | 327.34 Gb Free Space | 46.85% Space Free | Partition Type: NTFS
Drive X: | 3.93 Gb Total Space | 3.53 Gb Free Space | 89.80% Space Free | Partition Type: FAT

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/06/04 12:51:38 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/06 12:56:38 | 000,247,096 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/09/04 10:06:33 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/07 12:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/01 18:54:54 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/01/01 18:54:54 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/06/15 10:34:20 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/06/04 12:51:51 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/27 04:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/07/27 04:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2010/07/27 04:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 04:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/05/07 12:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/01/02 15:11:56 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/01 18:54:54 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/01/01 18:54:54 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/01 18:54:54 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/09/23 03:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/13 15:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2007/06/08 14:15:00 | 000,262,912 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/10/18 15:12:16 | 000,012,664 | R--- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/03/17 05:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\henky_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\henky_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\henky_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\henky_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\henky_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.5
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AD3FB3C2-E344-4276-A7E2-F0BC8A627298}:1.9.1
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:1.0.7
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/09/05 15:42:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{AD3FB3C2-E344-4276-A7E2-F0BC8A627298}: C:\Documents and Settings\henky\Local Settings\Application Data\{AD3FB3C2-E344-4276-A7E2-F0BC8A627298} [2011/04/18 10:22:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 09:48:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 09:48:18 | 000,000,000 | ---D | M]

[2010/01/01 18:36:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\henky\Application Data\Mozilla\Extensions
[2011/06/19 09:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\extensions
[2010/07/25 15:30:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/01 07:12:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/02/05 23:52:41 | 000,000,000 | ---D | M] (FoxGame) -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2011/05/07 03:39:58 | 000,000,000 | ---D | M] (DealPly) -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2010/05/21 03:39:31 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\daemon-search.xml
[2011/06/16 05:37:48 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\icqplugin-1.xml
[2011/03/24 11:30:15 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\icqplugin-2.xml
[2011/04/30 05:34:13 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\icqplugin-3.xml
[2011/05/01 07:16:59 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\icqplugin-4.xml
[2010/05/12 11:40:48 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\icqplugin.xml
[2011/06/19 09:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/18 10:22:41 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\HENKY\LOCAL SETTINGS\APPLICATION DATA\{AD3FB3C2-E344-4276-A7E2-F0BC8A627298}
[2010/09/05 15:42:51 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
[2010/01/25 16:44:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2006/05/31 11:28:48 | 000,249,856 | ---- | M] (Icenet LLC) -- C:\Program Files\Mozilla Firefox\plugins\npalnn.dll
[2010/03/27 12:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2009/12/02 04:31:53 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009/12/02 04:31:53 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009/12/02 04:31:53 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009/12/02 04:31:53 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009/12/02 04:31:53 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011/05/08 07:51:57 | 000,000,849 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\henky_ON_C\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Tbagokonibum] File not found
O4 - HKU\.DEFAULT..\Run: [aighfrshdgf.exe] File not found
O4 - HKU\henky_ON_C..\Run: [{1F25ECE9-2C48-B249-EF11-8DD4A60B01ED}] C:\Documents and Settings\henky\Application Data\Ehew\ecel.exe ()
O4 - HKU\henky_ON_C..\Run: [aighfrshdgf.exe] File not found
O4 - HKU\henky_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\henky_ON_C..\Run: [Fvidakipipadax] File not found
O4 - HKU\henky_ON_C..\Run: [ICQ] File not found
O4 - HKU\henky_ON_C..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid\Vid.exe (Logitech Inc.)
O4 - HKU\henky_ON_C..\Run: [Logitech Vid HD] C:\Program Files\Logitech\Vid\vid.exe (Logitech Inc.)
O4 - HKU\henky_ON_C..\Run: [Performance Center] File not found
O4 - HKU\henky_ON_C..\Run: [Steam] C:\Games\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\henky_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (C:\Program Files\Mozilla Firefox\0.7895989218671142.exe) - C:\Program Files\Mozilla Firefox\0.7895989218671142.exe (BitDefender)
O24 - Desktop Components:0 () - hxxp://i8.ebayimg.com/08/i/001/49/9a/4a19_12.JPG
O24 - Desktop Components:1 () - hxxp://uni74.ogame.de/game/img/background/background_voll_2.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/02 03:23:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 13:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/18 09:02:39 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/17 10:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\henky\Desktop\Stuff
[2011/06/16 05:26:22 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/16 05:26:11 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011/06/12 08:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\henky\Local Settings\Application Data\PunkBuster
[2011/06/12 08:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\henky\Start Menu\Programs\Wolfenstein - Enemy Territory
[2011/06/12 08:09:51 | 000,000,000 | --SD | C] -- C:\Program Files\HLSW
[2011/06/12 08:09:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HLSW
[2011/06/12 08:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\henky\Application Data\HLSW
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/20 08:54:17 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/20 08:54:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/20 08:53:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/20 08:53:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/06/19 17:38:48 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/19 17:38:48 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/19 08:31:48 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/06/18 18:12:11 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/18 18:12:11 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/18 09:02:39 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/17 10:21:40 | 000,202,752 | ---- | M] () -- C:\Documents and Settings\henky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/17 05:58:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/17 04:01:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/12 08:49:38 | 000,137,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/06/12 08:49:29 | 000,268,952 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011/06/12 08:32:18 | 000,268,952 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011/06/12 08:27:57 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\henky\Desktop\Wolfenstein - Enemy Territory.lnk
[2011/06/12 08:09:56 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\henky\Desktop\HLSW.lnk
[2011/06/12 08:09:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\HLSW
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/12 08:32:18 | 000,268,952 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011/06/12 08:27:57 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\henky\Desktop\Wolfenstein - Enemy Territory.lnk
[2011/06/12 08:09:56 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\henky\Desktop\HLSW.lnk
[2011/06/04 12:52:32 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/04 12:52:32 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/18 10:22:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wxocimupewukuwup.dat
[2011/04/18 10:22:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bciboqoralos.bin
[2010/12/12 14:01:41 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2010/12/12 12:52:39 | 000,000,046 | ---- | C] () -- C:\WINDOWS\spwdrg.INI
[2010/12/12 12:52:25 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2010/12/12 12:52:21 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2010/12/12 12:52:21 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2010/12/12 12:52:21 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2010/12/12 12:52:21 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2010/12/12 12:52:14 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\StellarProfile.dll
[2010/09/17 16:32:59 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/19 11:10:44 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bbbotsoftid.ini
[2010/08/11 16:44:42 | 000,039,648 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/27 04:03:20 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/27 04:03:20 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/07/27 04:03:18 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/07/27 03:56:04 | 000,090,411 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/07/20 06:35:52 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/19 19:04:26 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/07 12:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 12:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/04/18 12:37:24 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/04/18 12:37:23 | 000,137,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/04/18 12:37:16 | 000,268,952 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/03/05 17:54:02 | 000,000,167 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/01/30 09:55:54 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2010/01/03 20:51:28 | 000,011,101 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/01/02 03:30:48 | 000,030,979 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/01/02 03:30:35 | 000,030,660 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/01/02 03:30:35 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/01/02 03:30:27 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/01/02 03:25:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/02 03:20:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/01 19:54:07 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/01/01 19:17:45 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/01/01 19:17:45 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/01/01 19:17:42 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/01/01 19:17:42 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/01/01 19:10:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/01 19:07:12 | 003,586,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/01 18:44:27 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/01/01 18:35:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/01 07:06:46 | 000,202,752 | ---- | C] () -- C:\Documents and Settings\henky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 07:37:18 | 002,542,458 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2009/11/06 05:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2005/03/21 21:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 21:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,435,396 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,292 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/11/21 07:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\abgx360
[2010/03/03 06:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Bioshock2
[2010/01/10 17:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Canneverbe_Limited
[2010/01/02 15:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\DAEMON Tools Lite
[2010/04/29 18:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\DAEMON Tools Pro
[2010/01/04 12:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Ehew
[2010/10/20 15:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\FreeFLVConverter
[2011/06/12 16:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\HLSW
[2011/06/19 06:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\ICQ
[2010/02/27 05:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\ImgBurn
[2010/04/18 12:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Leadertech
[2010/07/26 15:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\LolClient
[2011/06/19 17:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Puuldi
[2010/09/21 10:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/05/13 07:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\TeamViewer
[2010/01/02 03:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\TMP
[2011/05/23 12:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\TS3Client
[2010/05/09 14:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Ubisoft
[2010/03/08 16:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Xilisoft
[2010/11/21 07:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\360WavesPatcher
[2010/01/02 15:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/01/02 14:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/03/27 02:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011/03/27 02:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/05/01 07:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010/09/06 12:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/27 02:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2010/12/12 14:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/07/20 03:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010/11/17 15:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viper
[2010/08/22 09:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/01 03:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/07/19 16:41:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2011/06/20 08:54:17 | 000,000,500 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:24051EFF
< End of report >

Alt 20.06.2011, 21:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
CS4 and CS5?
Where do these come from?

Alt 20.06.2011, 21:43   #3
h3nky
 
Each of them is the 30-day trial version from Chip

hxxp://www.chip.de/news/Photoshop-CS5-Demo-kostenlos-zum-Download_42813203.html

I didn't even know that was still on there.
But it's not illegal, is it?
I couldn't use the program anyway, since it's too complicated.

Can you help me further with my trojan problem :-(

Last edited by h3nky (20.06.2011 at 21:54)

Alt 21.06.2011, 09:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
But it's not illegal, is it?
Trial versions are of course not illegal, since they grant the potential buyer of the full product a certain free trial period.

Quote:
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
These entries in the hosts file are always suspicious, though, because they prevent your computer from communicating with Adobe's activation server. With these entries in place you could not even activate a legally purchased Adobe product. Illegal cracks often create these entries to stop the cracked Adobe software from "telling on you" to the vendor, but I have also seen such entries used to extend the trial period.



Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O4 - HKLM..\Run: [Tbagokonibum] File not found
O4 - HKU\.DEFAULT..\Run: [aighfrshdgf.exe] File not found
O4 - HKU\henky_ON_C..\Run: [{1F25ECE9-2C48-B249-EF11-8DD4A60B01ED}] C:\Documents and Settings\henky\Application Data\Ehew\ecel.exe ()
O4 - HKU\henky_ON_C..\Run: [aighfrshdgf.exe] File not found
O20 - HKLM Winlogon: Shell - (C:\Program Files\Mozilla Firefox\0.7895989218671142.exe) - C:\Program Files\Mozilla Firefox\0.7895989218671142.exe (BitDefender)
[2011/04/18 10:22:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wxocimupewukuwup.dat
[2011/04/18 10:22:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bciboqoralos.bin
:Files
C:\Documents and Settings\henky\Application Data\Ehew
C:\Program Files\Mozilla Firefox\0.7895989218671142.exe
:Commands
[purity]
[resethosts]
         
Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

After that Windows should start normally again. Please make OTL's quarantine folder available to us. Proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder C:\_OTL into a file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it was successful
5.) Only then turn the virus scanner back on

"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
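To show how a helper arrives at the fix script above from the quoted log, here is an added example (not part of the thread, and not an OTL or Trojaner-Board tool) that reads OTL-style O1/O4/O20 lines, flags the hosts blackholing, orphaned Run entries, a Run target in Application Data and the replaced Winlogon Shell, and assembles the ":OTL" section from the hits. The sample input is constructed from the lines quoted in this thread plus a benign Explorer.exe Shell entry as a control.

```python
import re

# Constructed sample in OTL's line format, modelled on this thread's quoted entries (added example, not the original log).
SAMPLE_OTL = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Tbagokonibum] File not found
O4 - HKU\henky_ON_C..\Run: [{1F25ECE9-2C48-B249-EF11-8DD4A60B01ED}] C:\Documents and Settings\henky\Application Data\Ehew\ecel.exe ()
O20 - HKLM Winlogon: Shell - (C:\Program Files\Mozilla Firefox\0.7895989218671142.exe) - C:\Program Files\Mozilla Firefox\0.7895989218671142.exe (BitDefender)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (.*?): \[(.*?)\] (.*)$")
SHELL_RE = re.compile(r"^O20 - .*Winlogon: Shell - \((.*?)\) - (.*)$")
BLACKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

def triage(report):
    """Return (reason, line) pairs for the entries a helper would put into an OTL fix."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            # localhost belongs there; any other name pinned to a loopback/blackhole address
            # is silently blocked (in this thread: Adobe's activation servers)
            if ip in BLACKHOLE_IPS and host.lower() not in LOOPBACK_NAMES:
                findings.append(("hosts entry blackholes " + host, line))
            continue
        m = RUN_RE.match(line)
        if m:
            _key, name, target = m.groups()
            if target == "File not found":
                findings.append(("orphaned Run entry [" + name + "]", line))
            elif "\\Application Data\\" in target and target.endswith("()"):
                # no company name and started out of the user's profile: typical dropper location
                findings.append(("unsigned Run target in Application Data", line))
            continue
        m = SHELL_RE.match(line)
        # Winlogon Shell should be Explorer.exe; here it points at a random-named exe in the Firefox folder
        if m and m.group(1).lower() != "explorer.exe":
            findings.append(("Winlogon Shell replaced by " + m.group(1), line))
    return findings

def fix_script(findings):
    # the flagged log lines, verbatim, form the ':OTL' section of the fix, as in the thread
    return "\n".join([":OTL"] + [line for _reason, line in findings])
```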
