Western Union als Firefox-Hauptseite ?

germaniac · 18.10.2011, 17:45

Hallo liebe Wurmbefallenen,

habe seit kurzem als nicht mehr zu verändernde Startseite bei Firefox die Seite "Westernunion.com". Trotz Löschen des Eintrags in der user.js im Firefox-Verzeichnis läst sich diese nicht mehr vernichten bzw. ersetzen.

Weiß jemand mehr, wie ich diese Seite zur Strecke bringe ?

Danke im voraus.

markusg · 18.10.2011, 17:49

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)

Doppelklick auf die
OTL.exe

Vista und Win7 User mit Rechtsklick "als Administrator starten"
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal
Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan
links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

germaniac · 18.10.2011, 18:18

Okay, hier die Files.
Könnte die Lösung schön folgende sein ?:
PRC - C:\Users\tmartus\AppData\Roaming\Laasny\oswuakt.exe

Hier der erste Log:::::::::::::OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 18.10.2011 18:52:16 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\tmartus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 66,14% Memory free
7,96 Gb Paging File | 6,51 Gb Available in Paging File | 81,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 275,33 Gb Free Space | 59,13% Space Free | Partition Type: NTFS
 
Computer Name: TMARTUS-PC | User Name: tmartus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\tmartus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\tmartus\AppData\Roaming\Laasny\oswuakt.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe (M-Audio)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\tmartus\AppData\Roaming\Laasny\oswuakt.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5ffb7a3296dadf6b9bf59d801b505391\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\a211b5a8a70f520c3916fc171c57055b\IAStorCommon.ni.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fefab06818fb2664595d1ef8f3d4faf3\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cd5d6686dd65a70df2bb47350e5565f2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d4e82d7d148d82bec5a0099f8c0a9d7c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9f104525b1deefddbcff7141c2c08602\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e4be545cbe1875f0f1f2fa20d614b3f9\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e80f44851696e7e15982d5a57ce715b5\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\033c4be35e173939c647b9eab467f3ba\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\fe70d777535c215f4fe9f9def2b4c815\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (USBMIDIAudioDevMon) -- C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe (M-Audio)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MAUSBMIDI) -- C:\Windows\SysNative\drivers\MAudioUSBMIDI.sys (M-Audio)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (Tileproxy) -- C:\Windows\SysNative\drivers\tileproxy.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (US122WdmService) -- C:\Windows\SysNative\drivers\US122Wdmx64.sys (Frontier Design Group, LLC)
DRV:64bit: - (US122DL) -- C:\Windows\SysNative\drivers\US122DLx64.sys (Frontier Design Group)
DRV:64bit: - (US122) -- C:\Windows\SysNative\drivers\US122x64.sys (Frontier Design Group, LLC)
DRV:64bit: - (Ser2pl64) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.westernunion.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 B2 14 02 CC 72 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.westernunion.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - user.js..browser.startup.homepage: "hxxp://www.westernunion.de/"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.12 18:57:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.12 18:57:41 | 000,000,000 | ---D | M]
 
[2011.06.08 19:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tmartus\AppData\Roaming\mozilla\Extensions
[2011.06.13 10:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tmartus\AppData\Roaming\mozilla\Firefox\Profiles\7b2etyej.default\extensions
[2011.06.10 20:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.06.10 20:20:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.10 20:20:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.12 18:57:40 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.12 18:57:40 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.12 18:57:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.12 18:57:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.12 18:57:40 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.09.12 12:23:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [{2007CFF5-CD5E-4926-DCC3-7A267D5C1CC9}] C:\Users\tmartus\AppData\Roaming\Laasny\oswuakt.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{641F1C3D-58E7-49B2-8F79-6C847DB336D1}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.18 18:51:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\tmartus\Desktop\OTL.exe
[2011.10.17 21:33:31 | 000,000,000 | ---D | C] -- C:\Users\tmartus\AppData\Roaming\Ufdayl
[2011.10.17 21:33:31 | 000,000,000 | ---D | C] -- C:\Users\tmartus\AppData\Roaming\Laasny
[2011.10.17 19:15:47 | 000,000,000 | ---D | C] -- C:\Users\tmartus\Desktop\dvorak_no.09_kertesz_london SO
[2011.10.17 18:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011.10.17 18:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.10.17 18:22:11 | 000,000,000 | ---D | C] -- C:\data
[2011.10.17 18:22:11 | 000,000,000 | ---D | C] -- C:\BACKUP
[2011.10.17 18:19:56 | 000,000,000 | ---D | C] -- C:\Users\tmartus\Documents\FUSSBALL MANAGER 11
[2011.10.17 18:12:04 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011.10.17 18:11:38 | 000,000,000 | ---D | C] -- C:\Users\tmartus\Documents\FIFA MANAGER 11
[2011.10.17 17:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA SPORTS
[2011.10.17 17:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011.10.17 08:49:54 | 000,000,000 | ---D | C] -- C:\Users\tmartus\Desktop\Fußballmanager_magath
[2011.10.16 11:57:25 | 000,000,000 | ---D | C] -- C:\Users\tmartus\Desktop\liverpool.vs.manchester.united.720p
[2011.10.14 20:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5
[2011.10.14 20:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 5
[2011.10.14 10:52:32 | 000,000,000 | ---D | C] -- C:\Users\tmartus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments FM7
[2011.10.14 10:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments FM7
[2011.10.14 10:52:29 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.003
[2011.10.14 10:52:28 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.002
[2011.10.14 10:52:28 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2011.10.14 10:52:28 | 000,077,878 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2011.10.14 10:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2011.10.10 19:07:40 | 000,000,000 | ---D | C] -- C:\Users\tmartus\Desktop\alan parsons_I robot
[2011.10.10 19:07:29 | 000,000,000 | ---D | C] -- C:\Users\tmartus\Desktop\alan parsons_pyramid
[2011.10.06 20:33:28 | 000,000,000 | ---D | C] -- C:\Users\tmartus\Desktop\wagner-tristan & isolde_barenboim_Berliner SO
[2011.10.04 15:30:24 | 000,000,000 | ---D | C] -- C:\Users\tmartus\Desktop\EMBA auftrag
[2011.09.26 14:51:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011.09.26 14:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011.09.26 14:45:01 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll
[2011.09.26 14:44:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011.09.26 14:44:45 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011.09.26 14:44:45 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011.09.26 14:44:45 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011.09.26 14:44:45 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011.09.26 14:44:44 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011.09.26 14:44:42 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011.09.26 14:44:42 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011.09.26 14:44:42 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011.09.22 11:30:43 | 000,000,000 | R--D | C] -- C:\Users\tmartus\Documents\Scanned Documents
[2011.09.22 11:30:43 | 000,000,000 | ---D | C] -- C:\Users\tmartus\Documents\Fax
[2011.09.21 11:52:43 | 000,000,000 | ---D | C] -- C:\Users\tmartus\Desktop\FIFA 11-EA Games
[2011.09.20 11:00:43 | 000,000,000 | ---D | C] -- C:\Users\tmartus\AppData\Roaming\IObit
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.18 18:51:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tmartus\Desktop\OTL.exe
[2011.10.18 09:54:58 | 000,022,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.18 09:54:58 | 000,022,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.18 09:47:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.18 09:47:39 | 3207,303,168 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.17 18:13:19 | 000,001,686 | ---- | M] () -- C:\Users\tmartus\Desktop\Manager 11.lnk
[2011.10.16 13:47:50 | 000,010,070 | ---- | M] () -- C:\Users\tmartus\Documents\cc_20111016_134744.reg
[2011.10.16 12:13:17 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.16 12:13:17 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.16 12:13:17 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.16 12:13:17 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.16 12:13:17 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.15 09:52:32 | 000,300,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.09.26 21:12:35 | 000,001,528 | ---- | M] () -- C:\Users\tmartus\Documents\cc_20110926_211219.reg
[2011.09.22 21:44:54 | 000,001,328 | ---- | M] () -- C:\Users\tmartus\Documents\cc_20110922_214451.reg
[2011.09.22 20:54:51 | 000,009,758 | ---- | M] () -- C:\Users\tmartus\Documents\cc_20110922_205445.reg
[2011.09.20 11:11:02 | 000,000,792 | ---- | M] () -- C:\Users\tmartus\Documents\cc_20110920_111059.reg
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.17 18:13:19 | 000,001,686 | ---- | C] () -- C:\Users\tmartus\Desktop\Manager 11.lnk
[2011.10.16 13:47:49 | 000,010,070 | ---- | C] () -- C:\Users\tmartus\Documents\cc_20111016_134744.reg
[2011.09.26 21:12:32 | 000,001,528 | ---- | C] () -- C:\Users\tmartus\Documents\cc_20110926_211219.reg
[2011.09.22 21:44:53 | 000,001,328 | ---- | C] () -- C:\Users\tmartus\Documents\cc_20110922_214451.reg
[2011.09.22 20:54:50 | 000,009,758 | ---- | C] () -- C:\Users\tmartus\Documents\cc_20110922_205445.reg
[2011.09.20 11:11:00 | 000,000,792 | ---- | C] () -- C:\Users\tmartus\Documents\cc_20110920_111059.reg
[2011.09.12 12:01:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.09.12 12:01:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.09.12 12:01:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.09.12 12:01:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.09.12 12:01:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.22 10:59:49 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.12 19:14:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\zlib1i.dll
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

--- --- ---

Hier der zweite LOG ::::::::::::OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 18.10.2011 18:52:16 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\tmartus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 66,14% Memory free
7,96 Gb Paging File | 6,51 Gb Available in Paging File | 81,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 275,33 Gb Free Space | 59,13% Space Free | Partition Type: NTFS
 
Computer Name: TMARTUS-PC | User Name: tmartus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{32ED2629-C9B1-4C29-A32A-F3E04A5EE303}" = M-Audio USB MIDI Series Driver 5.0.1 (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"ReadyDriver Plus_is1" = ReadyDriver Plus 1.2
"US122 Driver_is1" = US122 Driver 3.40
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F95C156-BE36-4D73-B22F-BDE3538B09A8}" = FS Recorder 2.01  for FSX
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5DD152A8-BFB3-439E-90CD-5C00C2116E23}" = AmpliTube 3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85DF6786-66AA-42EE-8616-AE456B07BD99}" = Microsoft Flight Simulator SimConnect Client v10.0.61242.0
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F78E43E9-79D6-4E53-A06E-C0DEB417FF89}" = FMRTE
"A321 Repaint Pack" = A321 Repaint Pack
"Addictive Drums" = Addictive Drums
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"EA Installer.-1739425969" = EA Installer
"FIFA MANAGER 11" = FIFA MANAGER 11
"fmXML_is1" = fmXML version 0.3
"Foxit Reader_is1" = Foxit Reader 5.0
"Free Audio Converter_is1" = Free Audio Converter version 2.3.815
"FS Global 2008 for FSX" = FS Global 2008 for FSX
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"IvAe_is1" = The Eye v1.0.6 (b345)
"IvAp-v2_is1" = IvAp v1.9.8 (build 2138)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)
"Mp3tag" = Mp3tag v2.49
"Native Instruments Akoustik Piano" = Native Instruments Akoustik Piano
"Native Instruments B4 II" = Native Instruments B4 II
"Native Instruments FM7 v1.10.006" = Native Instruments FM7 v1.10.006
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SopCast" = SopCast 3.4.0
"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TileProxy" = The TileProxy Project for Microsoft FSX/2004/2002
"uTorrent" = µTorrent
"vasFMC_is1" = vasFMC 2.0a9
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.10.2011 08:47:17 | Computer Name = tmartus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fifa.exe, Version: 1.0.0.0, Zeitstempel:
 0x4c8a90dc  Name des fehlerhaften Moduls: fifa.exe, Version: 1.0.0.0, Zeitstempel:
 0x4c8a90dc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0096a34d  ID des fehlerhaften Prozesses:
 0xe4c  Startzeit der fehlerhaften Anwendung: 0x01cc88069f9ed416  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\EA Sports\FIFA 11\Game\fifa.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\EA Sports\FIFA 11\Game\fifa.exe  Berichtskennung: 
2613a74c-f407-11e0-8dc0-f46d048f8fdb
 
Error - 12.10.2011 03:19:17 | Computer Name = tmartus-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.10.2011 07:22:08 | Computer Name = tmartus-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2011 03:06:44 | Computer Name = tmartus-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2011 08:27:04 | Computer Name = tmartus-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2011 10:07:27 | Computer Name = tmartus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fifa.exe, Version: 1.0.0.0, Zeitstempel:
 0x4c8a90dc  Name des fehlerhaften Moduls: fifa.exe, Version: 1.0.0.0, Zeitstempel:
 0x4c8a90dc  Ausnahmecode: 0x4000001f  Fehleroffset: 0x00006536  ID des fehlerhaften Prozesses:
 0x4b8  Startzeit der fehlerhaften Anwendung: 0x01cc89b16f741458  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\EA Sports\FIFA 11\Game\fifa.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\EA Sports\FIFA 11\Game\fifa.exe  Berichtskennung: 
ae56262a-f5a4-11e0-b9cf-f46d048f8fdb
 
Error - 13.10.2011 13:33:20 | Computer Name = tmartus-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2011 14:33:16 | Computer Name = tmartus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ShippingPC-BmGame.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4a51daa6  Name des fehlerhaften Moduls: xlive.dll, Version: 3.5.88.0,
 Zeitstempel: 0x4da10de9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0016358c  ID des fehlerhaften
 Prozesses: 0xf8c  Startzeit der fehlerhaften Anwendung: 0x01cc89d680621d24  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\xlive.dll  Berichtskennung: d09118d4-f5c9-11e0-9505-f46d048f8fdb
 
Error - 13.10.2011 14:36:08 | Computer Name = tmartus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ShippingPC-BmGame.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4a51daa6  Name des fehlerhaften Moduls: xlive.dll, Version: 3.5.88.0,
 Zeitstempel: 0x4da10de9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0016358c  ID des fehlerhaften
 Prozesses: 0xd78  Startzeit der fehlerhaften Anwendung: 0x01cc89d6ef5804aa  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\xlive.dll  Berichtskennung: 36baf7a6-f5ca-11e0-9505-f46d048f8fdb
 
Error - 13.10.2011 14:40:04 | Computer Name = tmartus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ShippingPC-BmGame.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4a51daa6  Name des fehlerhaften Moduls: xlive.dll, Version: 3.5.88.0,
 Zeitstempel: 0x4da10de9  Ausnahmecode: 0xc0000094  Fehleroffset: 0x0016367a  ID des fehlerhaften
 Prozesses: 0xd90  Startzeit der fehlerhaften Anwendung: 0x01cc89d783329c3a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\xlive.dll  Berichtskennung: c364f877-f5ca-11e0-9505-f46d048f8fdb
 
[ System Events ]
Error - 13.10.2011 06:18:12 | Computer Name = tmartus-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.10.2011 07:07:54 | Computer Name = tmartus-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 13.10.2011 07:07:55 | Computer Name = tmartus-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 14.10.2011 14:48:02 | Computer Name = tmartus-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 14.10.2011 15:44:12 | Computer Name = tmartus-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 14.10.2011 15:44:14 | Computer Name = tmartus-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 15.10.2011 05:32:45 | Computer Name = tmartus-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 15.10.2011 05:32:47 | Computer Name = tmartus-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 16.10.2011 06:10:09 | Computer Name = tmartus-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 16.10.2011 06:10:11 | Computer Name = tmartus-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 
< End of report >

--- --- ---

markusg · 18.10.2011, 18:28

hiho

achtung!
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [{2007CFF5-CD5E-4926-DCC3-7A267D5C1CC9}] C:\Users\tmartus\AppData\Roaming\Laasny\oswuakt.exe ()
:Files
C:\Users\tmartus\AppData\Roaming\Laasny
:Commands
[purity]
[EMPTYFLASH] 
[resethosts]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

öffne computer , öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

germaniac · 18.10.2011, 19:02

So, gesagt, getan.

Hier, das entstandene LOG:::::::::::::::::::::::::::::::::::::::::::::::.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{2007CFF5-CD5E-4926-DCC3-7A267D5C1CC9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2007CFF5-CD5E-4926-DCC3-7A267D5C1CC9}\ not found.
C:\Users\tmartus\AppData\Roaming\Laasny\oswuakt.exe moved successfully.
========== FILES ==========
C:\Users\tmartus\AppData\Roaming\Laasny folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: tmartus
->Flash cache emptied: 473 bytes

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: tmartus
->Temp folder emptied: 14312 bytes
->Temporary Internet Files folder emptied: 167361 bytes
->Java cache emptied: 16250 bytes
->FireFox cache emptied: 39240757 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 4047480 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 42,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 10182011_193856

Files\Folders moved on Reboot...
C:\Users\tmartus\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Package ist auch schon geschickt.

Scheint das Problem wohl gewesen zu sein - kann nach Erneuerung der user.js wieder Starseiten bestimmen.

Hoffe nun, für immer.

Viiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiielen Dank

markusg · 18.10.2011, 19:07

machst du onlinebanking einkäufe oder sonst was wichtiges mit dem pc?

germaniac · 18.10.2011, 19:24

Online-Banking seit längerer Zeit nicht - ansonsten ist der PC mein Berufs-PC.

markusg · 18.10.2011, 20:02

also, du hast nen zbot trojaner auf dem pc, der stiehlt daten und kann enderungen am system vor nehmen.
dieses system würde ich, nach daten rettung, formatieren und neu aufsetzen und dann vernünftig absichern.
für das neu aufsetzen und absichern gebe ich gern anleitungen.

germaniac · 18.10.2011, 20:11

Ist dieser Zbot-Trojaner jetzt vernichtet - oder woran stellst du das gerade fest ?

Soll neu aufgesetzt werden, weil der Trojaner noch nicht lokalisiert ist ?

Neu aufsetzen wäre schlimm, da ich den Rechner frisch vom Händler habe und so vorerst meine Garantie verfallen würde

markusg · 18.10.2011, 20:25

deine garantie verfällt nicht wenn du neu aufsetzt, dass klingt mir sehr sehr sehr nach fehlinformation.
nach einem zbot befall kann man nie 100 %ig sagen das das system sauber ist, deswegen und du nutzt den pc beruflich, muss er neu aufgesetzt werden.

germaniac · 18.10.2011, 20:32

... mit beruflich meine ich, dass ich ihn sozusagen als Freiberufler täglich nutze. Ih habe keinerlei Kundenkontakte oder - daten auf diesem PC. Ein paar Games und viel Musikersoftware -> alle legal erworben

Woran erkennst du den zbot ? Ist er noch da - oder redest du von ev. Restschäden am PC ?

markusg · 18.10.2011, 20:44

den zbot, bzw das was zu erkennen war, ist entfernt, dies bedeutet aber nicht das der pc sauber ist, hab ich aber glaub ich nun schon ein paar mal geschrieben :-)

germaniac · 18.10.2011, 20:51

okay, ich lass` mir das nochmal durch den Kopf gehen mit neuaufsetzen. Zeitlich wäre das gerade `ne Katastrophe für mich. Wenn ich Zeit finde, komme ich sehr gern darauf zurück.

Vieelen Dank nochmals.

18.10.2011, 19:07	#6
markusg /// Malware-holic	Western Union als Firefox-Hauptseite ? machst du onlinebanking einkäufe oder sonst was wichtiges mit dem pc? __________________ --> Western Union als Firefox-Hauptseite ?

Western Union als Firefox-Hauptseite ?

Plagegeister aller Art und deren Bekämpfung: Western Union als Firefox-Hauptseite ?