Metropolitan Police virus with OTL.txt
20.06.2011, 15:10 | #1
Hello, this trojan got me too. Here is the data from the OTL.txt; I hope someone can help me as well. Thanks in advance.

OTL logfile created on: 6/20/2011 4:16:24 PM - Run OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.64 Gb Total Space | 327.34 Gb Free Space | 46.85% Space Free | Partition Type: NTFS
Drive X: | 3.93 Gb Total Space | 3.53 Gb Free Space | 89.80% Space Free | Partition Type: FAT
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/06/04 12:51:38 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/06 12:56:38 | 000,247,096 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/09/04 10:06:33 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/07 12:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/01 18:54:54 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/01/01 18:54:54 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/06/15 10:34:20 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/06/04 12:51:51 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/27 04:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/07/27 04:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2010/07/27 04:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 04:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/05/07 12:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/01/02 15:11:56 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/01 18:54:54 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/01/01 18:54:54 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/01 18:54:54 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/09/23 03:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/13 15:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2007/06/08 14:15:00 | 000,262,912 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/10/18 15:12:16 | 000,012,664 | R--- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/03/17 05:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\henky_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\henky_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\henky_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\henky_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\henky_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.5
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AD3FB3C2-E344-4276-A7E2-F0BC8A627298}:1.9.1
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:1.0.7
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/09/05 15:42:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{AD3FB3C2-E344-4276-A7E2-F0BC8A627298}: C:\Documents and Settings\henky\Local Settings\Application Data\{AD3FB3C2-E344-4276-A7E2-F0BC8A627298} [2011/04/18 10:22:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 09:48:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 09:48:18 | 000,000,000 | ---D | M]

[2010/01/01 18:36:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\henky\Application Data\Mozilla\Extensions
[2011/06/19 09:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\extensions
[2010/07/25 15:30:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/01 07:12:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/02/05 23:52:41 | 000,000,000 | ---D | M] (FoxGame) -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2011/05/07 03:39:58 | 000,000,000 | ---D | M] (DealPly) -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2010/05/21 03:39:31 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\daemon-search.xml
[2011/06/16 05:37:48 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\icqplugin-1.xml
[2011/03/24 11:30:15 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\icqplugin-2.xml
[2011/04/30 05:34:13 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\icqplugin-3.xml
[2011/05/01 07:16:59 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\icqplugin-4.xml
[2010/05/12 11:40:48 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\icqplugin.xml
[2011/06/19 09:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/18 10:22:41 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\HENKY\LOCAL SETTINGS\APPLICATION DATA\{AD3FB3C2-E344-4276-A7E2-F0BC8A627298}
[2010/09/05 15:42:51 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
[2010/01/25 16:44:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2006/05/31 11:28:48 | 000,249,856 | ---- | M] (Icenet LLC) -- C:\Program Files\Mozilla Firefox\plugins\npalnn.dll
[2010/03/27 12:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2009/12/02 04:31:53 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009/12/02 04:31:53 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009/12/02 04:31:53 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009/12/02 04:31:53 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009/12/02 04:31:53 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011/05/08 07:51:57 | 000,000,849 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\henky_ON_C\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Tbagokonibum] File not found
O4 - HKU\.DEFAULT..\Run: [aighfrshdgf.exe] File not found
O4 - HKU\henky_ON_C..\Run: [{1F25ECE9-2C48-B249-EF11-8DD4A60B01ED}] C:\Documents and Settings\henky\Application Data\Ehew\ecel.exe ()
O4 - HKU\henky_ON_C..\Run: [aighfrshdgf.exe] File not found
O4 - HKU\henky_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\henky_ON_C..\Run: [Fvidakipipadax] File not found
O4 - HKU\henky_ON_C..\Run: [ICQ] File not found
O4 - HKU\henky_ON_C..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid\Vid.exe (Logitech Inc.)
O4 - HKU\henky_ON_C..\Run: [Logitech Vid HD] C:\Program Files\Logitech\Vid\vid.exe (Logitech Inc.)
O4 - HKU\henky_ON_C..\Run: [Performance Center] File not found
O4 - HKU\henky_ON_C..\Run: [Steam] C:\Games\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\henky_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (C:\Program Files\Mozilla Firefox\0.7895989218671142.exe) - C:\Program Files\Mozilla Firefox\0.7895989218671142.exe (BitDefender)
O24 - Desktop Components:0 () - hxxp://i8.ebayimg.com/08/i/001/49/9a/4a19_12.JPG
O24 - Desktop Components:1 () - hxxp://uni74.ogame.de/game/img/background/background_voll_2.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/02 03:23:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 13:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/18 09:02:39 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/17 10:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\henky\Desktop\Stuff
[2011/06/16 05:26:22 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/16 05:26:11 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011/06/12 08:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\henky\Local Settings\Application Data\PunkBuster
[2011/06/12 08:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\henky\Start Menu\Programs\Wolfenstein - Enemy Territory
[2011/06/12 08:09:51 | 000,000,000 | --SD | C] -- C:\Program Files\HLSW
[2011/06/12 08:09:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HLSW
[2011/06/12 08:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\henky\Application Data\HLSW
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/20 08:54:17 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/20 08:54:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/20 08:53:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/20 08:53:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/06/19 17:38:48 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/19 17:38:48 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/19 08:31:48 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/06/18 18:12:11 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/18 18:12:11 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/18 09:02:39 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/17 10:21:40 | 000,202,752 | ---- | M] () -- C:\Documents and Settings\henky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/17 05:58:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/17 04:01:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/12 08:49:38 | 000,137,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/06/12 08:49:29 | 000,268,952 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011/06/12 08:32:18 | 000,268,952 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011/06/12 08:27:57 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\henky\Desktop\Wolfenstein - Enemy Territory.lnk
[2011/06/12 08:09:56 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\henky\Desktop\HLSW.lnk
[2011/06/12 08:09:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\HLSW
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/12 08:32:18 | 000,268,952 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011/06/12 08:27:57 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\henky\Desktop\Wolfenstein - Enemy Territory.lnk
[2011/06/12 08:09:56 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\henky\Desktop\HLSW.lnk
[2011/06/04 12:52:32 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/04 12:52:32 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/18 10:22:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wxocimupewukuwup.dat
[2011/04/18 10:22:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bciboqoralos.bin
[2010/12/12 14:01:41 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2010/12/12 12:52:39 | 000,000,046 | ---- | C] () -- C:\WINDOWS\spwdrg.INI
[2010/12/12 12:52:25 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2010/12/12 12:52:21 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2010/12/12 12:52:21 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2010/12/12 12:52:21 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2010/12/12 12:52:21 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2010/12/12 12:52:14 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\StellarProfile.dll
[2010/09/17 16:32:59 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/19 11:10:44 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bbbotsoftid.ini
[2010/08/11 16:44:42 | 000,039,648 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/27 04:03:20 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/27 04:03:20 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/07/27 04:03:18 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/07/27 03:56:04 | 000,090,411 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/07/20 06:35:52 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/19 19:04:26 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/07 12:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 12:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/04/18 12:37:24 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/04/18 12:37:23 | 000,137,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/04/18 12:37:16 | 000,268,952 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/03/05 17:54:02 | 000,000,167 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/01/30 09:55:54 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2010/01/03 20:51:28 | 000,011,101 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/01/02 03:30:48 | 000,030,979 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/01/02 03:30:35 | 000,030,660 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/01/02 03:30:35 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/01/02 03:30:27 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/01/02 03:25:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/02 03:20:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/01 19:54:07 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/01/01 19:17:45 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/01/01 19:17:45 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/01/01 19:17:42 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/01/01 19:17:42 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/01/01 19:10:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/01 19:07:12 | 003,586,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/01 18:44:27 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/01/01 18:35:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/01 07:06:46 | 000,202,752 | ---- | C] () -- C:\Documents and Settings\henky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 07:37:18 | 002,542,458 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2009/11/06 05:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2005/03/21 21:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 21:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,435,396 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,292 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/11/21 07:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\abgx360
[2010/03/03 06:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Bioshock2
[2010/01/10 17:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Canneverbe_Limited
[2010/01/02 15:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\DAEMON Tools Lite
[2010/04/29 18:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\DAEMON Tools Pro
[2010/01/04 12:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Ehew
[2010/10/20 15:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\FreeFLVConverter
[2011/06/12 16:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\HLSW
[2011/06/19 06:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\ICQ
[2010/02/27 05:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\ImgBurn
[2010/04/18 12:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Leadertech
[2010/07/26 15:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\LolClient
[2011/06/19 17:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Puuldi
[2010/09/21 10:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/05/13 07:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\TeamViewer
[2010/01/02 03:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\TMP
[2011/05/23 12:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\TS3Client
[2010/05/09 14:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Ubisoft
[2010/03/08 16:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Xilisoft
[2010/11/21 07:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\360WavesPatcher
[2010/01/02 15:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/01/02 14:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/03/27 02:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011/03/27 02:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/05/01 07:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010/09/06 12:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/27 02:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2010/12/12 14:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/07/20 03:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010/11/17 15:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viper
[2010/08/22 09:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/01 03:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/07/19 16:41:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2011/06/20 08:54:17 | 000,000,500 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:24051EFF

< End of report >
20.06.2011, 21:18 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
What source do these come from?
20.06.2011, 21:43 | #3
They are each the 30-day trial version from chip:
hxxp://www.chip.de/news/Photoshop-CS5-Demo-kostenlos-zum-Download_42813203.html
I didn't even know that was still on there. But it's not illegal, is it? I couldn't use the program anyway, as it is too complicated. Can you help me further with my trojan problem :-(
Edited by h3nky (20.06.2011 at 21:54)
21.06.2011, 09:15 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" line must be copied along with it!!!)
Code:
:OTL
O4 - HKLM..\Run: [Tbagokonibum] File not found
O4 - HKU\.DEFAULT..\Run: [aighfrshdgf.exe] File not found
O4 - HKU\henky_ON_C..\Run: [{1F25ECE9-2C48-B249-EF11-8DD4A60B01ED}] C:\Documents and Settings\henky\Application Data\Ehew\ecel.exe ()
O4 - HKU\henky_ON_C..\Run: [aighfrshdgf.exe] File not found
O20 - HKLM Winlogon: Shell - (C:\Program Files\Mozilla Firefox\0.7895989218671142.exe) - C:\Program Files\Mozilla Firefox\0.7895989218671142.exe (BitDefender)
[2011/04/18 10:22:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wxocimupewukuwup.dat
[2011/04/18 10:22:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bciboqoralos.bin
:Files
C:\Documents and Settings\henky\Application Data\Ehew
C:\Program Files\Mozilla Firefox\0.7895989218671142.exe
:Commands
[purity]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely, for safety: a backup copy is created on the system partition in the folder "_OTL". After that Windows should start normally again. Please make OTL's quarantine folder available to us. Proceed as follows:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder C:\_OTL into a file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know when it has succeeded
5.) Only then turn the virus scanner back on
__________________
Please always post logfiles in CODE tags
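The fix in post #4 is the helper reading the OTL log from post #1 by hand: dead Run values, an executable with no company name auto-starting from the user's Application Data, a replaced Winlogon Shell (the entry that keeps the desktop from appearing behind the lock screen), and hosts-file overrides. The following is an added example, not code from the thread and not OTL's own logic: a small Python triage that re-derives that fix list from OTL's O4, O20 and O1 line formats. The sample lines are copied from the posted log; the classification rules, the severity labels and the fix assembly are this example's own assumptions.

```python
"""Triage of OTL log lines (added example; the heuristics are assumptions,
not OTL rules)."""
import re
from dataclasses import dataclass

# Constructed sample: O4 (Run keys), O20 (Winlogon Shell) and O1 (hosts)
# lines copied from the log in post #1, one entry per line as OTL writes them.
SAMPLE_LOG = r"""O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Tbagokonibum] File not found
O4 - HKU\.DEFAULT..\Run: [aighfrshdgf.exe] File not found
O4 - HKU\henky_ON_C..\Run: [{1F25ECE9-2C48-B249-EF11-8DD4A60B01ED}] C:\Documents and Settings\henky\Application Data\Ehew\ecel.exe ()
O4 - HKU\henky_ON_C..\Run: [Steam] C:\Games\Steam\Steam.exe (Valve Corporation)
O20 - HKLM Winlogon: Shell - (C:\Program Files\Mozilla Firefox\0.7895989218671142.exe) - C:\Program Files\Mozilla Firefox\0.7895989218671142.exe (BitDefender)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 74.208.10.249 gs.apple.com
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^)]*)\)$")
SHELL_RE = re.compile(r"^O20 - HKLM Winlogon: Shell - \((?P<value>[^)]*)\) - "
                      r"(?P<path>.+?) \((?P<company>[^)]*)\)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
# Anything launched from a user profile's (Local Settings\)Application Data.
PROFILE_RE = re.compile(r"\\Documents and Settings\\[^\\]+\\(Local Settings\\)?Application Data\\", re.I)


@dataclass
class Finding:
    severity: str   # "high" = live persistence, "low" = cleanup only
    reason: str
    line: str       # OTL line verbatim, so it can go straight into an :OTL fix


def triage(log_text):
    """Classify O4/O20/O1 lines; rules are this example's assumptions."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            if m["rest"] == "File not found":
                # Dead Run value: harmless now, but a leftover worth removing.
                findings.append(Finding("low", "orphaned Run value", line))
            elif (t := TARGET_RE.match(m["rest"])) and PROFILE_RE.search(t["path"]) and not t["company"]:
                # No company name, started from the profile: classic dropper location.
                findings.append(Finding("high", "auto-start from user profile without company name", line))
        elif m := SHELL_RE.match(line):
            # Winlogon\Shell starts the desktop; a screen locker points it at
            # its own binary so explorer.exe never comes up.
            if m["value"].strip().lower() != "explorer.exe":
                findings.append(Finding("high", "Winlogon Shell replaced", line))
        elif m := HOSTS_RE.match(line):
            # Any mapping other than localhost is an override worth resetting.
            if not (m["host"].lower() == "localhost" and m["ip"] in ("127.0.0.1", "::1")):
                findings.append(Finding("low", f"hosts override for {m['host']}", line))
    return findings


def _payload_path(line):
    """File or folder to quarantine for a high-severity line."""
    if m := SHELL_RE.match(line):
        return m["path"]
    if (m := RUN_RE.match(line)) and (t := TARGET_RE.match(m["rest"])):
        return t["path"].rsplit("\\", 1)[0]   # the drop folder, e.g. ...\Application Data\Ehew
    return None


def build_fix(findings):
    """Lay the findings out in the three sections the helper's fix uses
    (:OTL, :Files, :Commands). The section names are OTL's; the contents
    are derived here."""
    otl_lines, files, commands = [], [], ["[purity]"]
    for f in findings:
        if f.line.startswith("O1 - Hosts:"):
            if "[resethosts]" not in commands:
                commands.append("[resethosts]")   # hosts is reset as a whole, not line by line
            continue
        otl_lines.append(f.line)
        if f.severity == "high" and (p := _payload_path(f.line)) and p not in files:
            files.append(p)
    return "\n".join([":OTL", *otl_lines, ":Files", *files, ":Commands", *commands])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}: {f.line}")
    print(build_fix(triage(SAMPLE_LOG)))
```

One caveat the log itself illustrates: the "(BitDefender)" after the O20 entry is the CompanyName string OTL reads out of the file's version resource, which whoever built the file fills in freely. A vendor string is not evidence of anything; the random numeric filename sitting in the Firefox folder and the fact that it has displaced explorer.exe as the shell are.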