
Pests of all kinds and their removal: IngDiba Trojan?


01.11.2011, 21:06   #1
spl4sh0r

Hi everyone, let me describe the error/virus/problem to you!

When I go to Online Banking on the ING-DiBa site, WITH FIREFOX, and log in, this window appears. See link

hxxp://www.bilder-space.de/show_img.php?img=5aa5ba-1320177840.jpg&size=original

Now for the following: with Internet Explorer it works perfectly normally, i.e. it says the account is locked, because I had it locked.

On every other PC it also works with Internet Explorer and Firefox, i.e. it says it is locked and this error/trojan or whatever it is does not appear.

On the PC in question, where the window appears, I have already uninstalled Firefox, but it comes back after the reinstall as well.

What can I do? I only want to have the account unlocked again once all of this is clean again!

Many thanks in advance!!

01.11.2011, 21:08   #2
markusg
/// Malware-holic

hiho
Please download OTL by OldTimer and save it to your desktop (if it is not there already)
  • Double-click OTL.exe
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.
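The OTL scan requested above writes a text log of the kind posted further down in this thread: O4 autorun entries and file/folder lists with timestamps. As an added example (not from any post here, and not part of OTL itself), the Python script below parses those two line formats and flags the autorun entries an analyst would look at first; the heuristics are generic triage checks, and the sample log, its paths and the vendor names are constructed to mimic OTL's format.

```python
"""Small triage helper for the text logs OTL (OldTimer's OTL) writes.

Added example; not part of OTL or of this thread. It parses two line formats
seen in OTL.txt and flags autorun entries that deserve a closer look.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# "O4" autorun lines, e.g.
#   O4 - HKCU..\Run: [Name] C:\path\prog.exe (Company)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.*?)(?: \((?P<company>[^()]*)\))?$"
)
# File/folder lines from the "Created/Modified Within 30 Days" sections, e.g.
#   [2011.10.29 17:54:44 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\Foo
#   [2011.11.01 21:16:56 | 000,584,192 | ---- | C] (Vendor) -- C:\Users\X\Desktop\tool.exe
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[\w-]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^()]*)\))? -- (?P<path>.*)$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Locations that need no admin rights to write to; a legitimate installer
# rarely persists an autorun there, user-level malware commonly does.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\programdata\\")

# Constructed sample in OTL's format (names and paths are made up, not taken from the thread).
SAMPLE_LOG = r"""
========== Standard Registry (SafeList) ==========
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{11111111-2222-3333-4444-555555555555}] C:\Users\Alice\AppData\Roaming\Xyzqw\abcdef.exe (Example Vendor)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
========== Files/Folders - Created Within 30 Days ==========
[2011.11.01 21:16:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe
[2011.10.29 17:54:44 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Roaming\Xyzqw
[2011.10.25 19:16:10 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
"""


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    path: str
    company: str
    reasons: List[str] = field(default_factory=list)


def parse_autoruns(log: str) -> List[Autorun]:
    """Every O4 line in the log, in order."""
    found = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            found.append(Autorun(m["hive"], m["key"], m["name"], m["path"], m["company"] or ""))
    return found


def parse_created_dirs(log: str) -> Dict[str, str]:
    """Lower-cased path -> creation timestamp for directories created in the scan window."""
    created = {}
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m and m["op"] == "C" and "D" in m["attrs"]:
            created[m["path"].lower()] = m["ts"]
    return created


def triage(log: str) -> List[Autorun]:
    """Autoruns that trip at least one heuristic, with the reasons attached."""
    created = parse_created_dirs(log)
    flagged = []
    for entry in parse_autoruns(log):
        path = entry.path.lower()
        if any(marker in path for marker in USER_WRITABLE):
            entry.reasons.append("launched from a user-writable profile path")
        if GUID_RE.match(entry.name):
            entry.reasons.append("Run value named like a random GUID")
        parent = path.rsplit("\\", 1)[0]  # folder the executable lives in
        if parent in created:
            entry.reasons.append(f"its folder was created {created[parent]}, inside the scan window")
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.hive}\\{entry.key} [{entry.name}] {entry.path}")
        for reason in entry.reasons:
            print("   -", reason)
```

A hit only means "look here first"; a real verdict still needs the file itself, its hash and its network behaviour.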

01.11.2011, 21:08   #3
spl4sh0r

sorry about the hxxp ... it has to be http of course, it did that automatically

01.11.2011, 21:13   #4
markusg
/// Malware-holic

no problem, we can just about manage that :-)
please get going with OTL.
but whether I will get to look at it today, I don't know; please don't do anything else in the meantime, I'll be back tomorrow morning
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as per the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

01.11.2011, 21:13   #5
spl4sh0r

yep, got it, give me 5 minutes


01.11.2011, 21:30   #6
spl4sh0r

so, the otl.txt log. OTL Logfile:
Code:
OTL logfile created on: 01.11.2011 21:18:11 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Jürgen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 40,06% Memory free
4,22 Gb Paging File | 2,90 Gb Available in Paging File | 68,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,84 Gb Total Space | 49,43 Gb Free Space | 34,36% Space Free | Partition Type: NTFS
Drive D: | 5,21 Gb Total Space | 1,17 Gb Free Space | 22,39% Space Free | Partition Type: NTFS
 
Computer Name: JÜRGENS-PC | User Name: Jürgen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jürgen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla FirefoxFlo\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe (Orb Networks)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
PRC - C:\Programme\Packard Bell Data Secure\PBDataSecure.exe (Packard Bell BV)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\6811eaa8b0f958064288a31d8e481326\System.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\Mozilla FirefoxFlo\mozjs.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Programme\Packard Bell Data Secure\DSRClick.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (KodakDigitalDisplayService) -- C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe (Orb Networks)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpKsl5dc64bf6) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A3BA069E-37F2-4858-A86A-537CECE3D3BF}\MpKsl5dc64bf6.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (se2Eunic) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM) -- C:\Windows\System32\drivers\se2Eunic.sys (MCCI)
DRV - (SE2Eobex) -- C:\Windows\System32\drivers\SE2Eobex.sys (MCCI)
DRV - (se2End5) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS) -- C:\Windows\System32\drivers\se2End5.sys (MCCI)
DRV - (SE2Emgmt) Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\SE2Emgmt.sys (MCCI)
DRV - (SE2Emdm) -- C:\Windows\System32\drivers\SE2Emdm.sys (MCCI)
DRV - (SE2Emdfl) -- C:\Windows\System32\drivers\SE2Emdfl.sys (MCCI)
DRV - (SE2Ebus) Sony Ericsson Device 046 Driver driver (WDM) -- C:\Windows\System32\drivers\SE2Ebus.sys (MCCI)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HPFXBULK) -- C:\Windows\System32\drivers\hpfxbulk.sys (Hewlett Packard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage.com/babylon/deu/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla FirefoxFlo\components [2011.11.01 20:50:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla FirefoxFlo\plugins
 
[2011.11.01 20:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Extensions
[2010.06.20 22:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.05.18 13:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2011.11.01 20:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.13 17:07:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.29 19:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.10 20:43:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009.11.16 19:15:39 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAM FILES\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.08 18:03:09 | 000,002,272 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{DD147E7F-5C9B-EEB1-58C4-2F3FE055DEE1}] C:\Users\Jürgen\AppData\Roaming\Ruapi\ygzyta.exe (Piranha Bytes)
O4 - HKCU..\Run: [Packard Bell Data Secure] C:\Programme\Packard Bell Data Secure\PBDataSecure.exe (Packard Bell BV)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} hxxp://www.sony.de/bravia/RegistrationAgent.cab (WalkmanRegistrar Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27DE475F-B65A-43DB-9901-28B85395F9ED}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47330F1F-A63B-4324-9598-861FC396B0D3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F48BE4E7-2F64-483C-90AA-20BF878AD52F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jürgen\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Jürgen\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.05 15:07:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.$$$ -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{51bef52b-91a0-11df-adcc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{51bef52b-91a0-11df-adcc-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{51bef52b-91a0-11df-adcc-806e6f6e6963}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{51bef52b-91a0-11df-adcc-806e6f6e6963}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.01 21:16:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe
[2011.11.01 20:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla FirefoxFlo
[2011.11.01 20:47:45 | 000,000,000 | R--D | C] -- C:\Users\Jürgen\Searches
[2011.11.01 19:40:27 | 007,218,240 | ---- | C] (McAfee Inc.) -- C:\Users\Jürgen\Desktop\stinger10.2.0.351.exe
[2011.11.01 19:30:01 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\Dokumente\Simply Super Software
[2011.11.01 19:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011.11.01 19:29:20 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011.11.01 19:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011.11.01 19:28:48 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\AppData\Roaming\Simply Super Software
[2011.11.01 19:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011.10.29 17:54:44 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\AppData\Roaming\Ruapi
[2011.10.29 17:54:44 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\AppData\Roaming\Iwwyvoh
[2011.10.25 19:17:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.10.25 19:17:09 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.10.25 19:17:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011.10.25 19:17:08 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011.10.25 19:16:10 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.10.25 19:15:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.25 19:15:43 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.25 19:15:37 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.10.25 19:15:37 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.10.25 19:15:36 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.10.25 19:15:36 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.10.25 19:15:36 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.10.25 19:15:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.10.25 19:15:35 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.25 19:15:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.10.25 19:15:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.10.25 19:15:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.10.25 19:15:34 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.10.25 19:15:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.10.25 19:15:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.10.25 19:15:33 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.25 19:15:33 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.10.25 19:15:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.10.25 19:13:43 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011.10.25 19:13:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011.10.07 18:03:36 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2011.10.07 18:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.01 21:26:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B86A3625-59A9-462B-8DD1-E064080AB3D5}.job
[2011.11.01 21:18:53 | 000,643,752 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.01 21:18:53 | 000,609,328 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.01 21:18:53 | 000,132,512 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.01 21:18:53 | 000,109,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.01 21:16:54 | 000,013,072 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\nvModes.001
[2011.11.01 21:16:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe
[2011.11.01 21:14:58 | 000,000,147 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.11.01 21:12:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.01 21:12:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.01 21:12:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.01 21:11:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.01 21:11:49 | 2145,443,840 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.01 20:57:17 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.11.01 20:50:57 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.11.01 20:45:02 | 000,013,072 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\nvModes.dat
[2011.11.01 20:29:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.01 20:26:44 | 000,132,136 | ---- | M] () -- C:\Users\Jürgen\Desktop\fehler1.jpg
[2011.11.01 20:24:23 | 000,000,022 | ---- | M] () -- C:\Users\Jürgen\Desktop\stinger10.2.0.351.opt
[2011.11.01 19:40:50 | 007,218,240 | ---- | M] (McAfee Inc.) -- C:\Users\Jürgen\Desktop\stinger10.2.0.351.exe
[2011.10.30 21:16:20 | 000,000,109 | ---- | M] () -- C:\Users\Jürgen\Desktop\Monster.de.URL
[2011.10.30 20:24:02 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2011.10.28 19:11:20 | 000,490,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.01 20:50:57 | 000,000,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.01 20:50:57 | 000,000,867 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.11.01 20:26:43 | 000,132,136 | ---- | C] () -- C:\Users\Jürgen\Desktop\fehler1.jpg
[2011.11.01 20:24:23 | 000,000,022 | ---- | C] () -- C:\Users\Jürgen\Desktop\stinger10.2.0.351.opt
[2011.11.01 19:29:20 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.11.01 19:29:20 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.11.01 19:29:20 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011.11.01 19:29:19 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010.10.21 14:19:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2010.08.27 22:39:03 | 000,000,089 | ---- | C] () -- C:\Windows\System32\MSBII.dll
[2010.08.27 22:24:07 | 000,032,768 | ---- | C] () -- C:\Windows\System32\WKAuxil.dll
[2010.08.27 22:24:01 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2010.08.27 22:24:01 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2010.08.27 22:23:44 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2010.08.27 22:23:39 | 003,782,416 | ---- | C] () -- C:\Windows\System32\mso97.dll
[2010.08.27 22:23:18 | 000,080,384 | ---- | C] () -- C:\Windows\System32\ccmove32.dll
[2010.08.27 22:23:18 | 000,080,384 | ---- | C] () -- C:\Windows\System32\Cc32.dll
[2009.09.13 14:57:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.13 14:57:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.20 07:00:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.06.11 18:08:22 | 000,000,051 | ---- | C] () -- C:\Windows\NetEasyPrint_Server_Demo.ini
[2009.06.11 18:07:38 | 000,058,910 | ---- | C] () -- C:\Windows\uinst32etzsd.ini
[2009.06.11 18:07:29 | 000,000,045 | ---- | C] () -- C:\Windows\m_s.ini
[2009.04.25 14:42:05 | 000,000,094 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\fusioncache.dat
[2008.11.11 21:35:49 | 000,000,157 | ---- | C] () -- C:\Windows\asym.ini
[2008.07.23 15:41:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\BH_DATA110VC8.dll
[2007.09.05 19:48:36 | 000,004,096 | -H-- | C] () -- C:\Users\Jürgen\AppData\Local\keyfile3.drm
[2007.06.30 21:21:22 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2007.06.22 19:14:41 | 000,008,160 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\d3d9caps.dat
[2007.06.13 21:46:32 | 000,001,788 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\wklnhst.dat
[2007.06.13 10:00:47 | 000,016,384 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.08 21:53:59 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.06.05 21:42:41 | 000,013,072 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\nvModes.001
[2007.06.05 21:42:39 | 000,013,072 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\nvModes.dat
[2006.12.19 06:20:10 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006.11.29 08:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.03 16:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 16:33:31 | 000,643,752 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,132,512 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,490,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,609,328 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,109,604 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.19 08:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.19 08:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.09.06 19:42:56 | 000,237,568 | ---- | C] () -- C:\Windows\System32\hppapr02.dll
[2006.09.06 19:41:04 | 000,000,600 | ---- | C] () -- C:\Windows\System32\hppapr02.dat
[2006.04.21 09:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2006.03.10 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.01.25 12:57:00 | 000,237,568 | ---- | C] () -- C:\Windows\uinst32etzsd.exe
[2005.11.09 11:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll
[2005.11.09 11:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll
[2005.11.09 11:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll
[2005.05.08 05:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.10.10 07:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll
[2001.10.10 07:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll
[2001.03.07 07:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll
 
========== LOP Check ==========
 
[2008.08.20 14:47:43 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\aAvgApi
[2011.11.01 16:03:18 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Canon
[2010.07.17 13:44:40 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\DAEMON Tools Pro
[2011.05.28 12:33:07 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\elsterformular
[2008.02.23 18:56:03 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\FocusDVD
[2007.07.12 20:19:36 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Haufe
[2011.05.18 13:12:57 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Haufe Mediengruppe
[2007.12.21 20:47:10 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\IrfanView
[2011.11.01 19:34:24 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Iwwyvoh
[2007.07.12 20:05:45 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Lexware
[2011.10.29 17:54:44 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Ruapi
[2007.06.30 21:21:12 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\ScanSoft
[2010.08.22 14:35:46 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\SharePod
[2011.11.01 19:28:48 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Simply Super Software
[2007.08.29 09:16:15 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Template
[2010.06.20 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\TomTom
[2011.10.30 20:24:02 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2011.11.01 20:57:16 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.01 21:26:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B86A3625-59A9-462B-8DD1-E064080AB3D5}.job
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


extras.txt log
OTL Logfile:
Code:
OTL Extras logfile created on: 01.11.2011 21:18:11 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Jürgen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 40,06% Memory free
4,22 Gb Paging File | 2,90 Gb Available in Paging File | 68,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,84 Gb Total Space | 49,43 Gb Free Space | 34,36% Space Free | Partition Type: NTFS
Drive D: | 5,21 Gb Total Space | 1,17 Gb Free Space | 22,39% Space Free | Partition Type: NTFS
 
Computer Name: JÜRGENS-PC | User Name: Jürgen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla FirefoxFlo\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6A464FA1-11FC-4CD7-9355-29E553B8171D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BC75AED-21CC-4A7B-8EE0-AAA2A1809C82}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{20DCA495-E3B8-44CE-A2C4-677626A92CDA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{47D234FF-58BE-4382-BCE6-CC6ED9ED6026}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4F2BC700-28CA-49EF-8D4B-95B020D3E99D}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{7C848B54-2123-406D-BC00-3D3082690AE9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8B07D01B-2BC7-400A-9748-101828FD4E9D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AA80CC15-02EB-42F3-83A8-6D3D68E04BCB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{AC4118C7-D8C3-4174-ADBE-FE6D8BD63581}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{B7D6DBF7-0DF2-46EF-B89D-6F85622EC58E}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{BC50C755-4270-494D-9029-A45CCF721335}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{02EC87EE-B4C2-4885-8851-B95A7181B05E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{4D69A9F0-8B5D-41F4-BDCD-A5B372F53877}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{7F1CD492-079D-4359-9C61-FD413D4F6F5B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{DAADDDC2-7CF7-4305-AC79-6F1B93397DC7}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{E030965B-834B-4BE0-94E4-87B63C378D8D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{ED2E063E-5CC8-4B7F-A326-E90DE46C5198}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{1D603E92-3FBA-45F5-B99A-75AC0354CAD9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{3F94E447-4FF8-4C77-96B1-DAE4B5A62682}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{79C61FBD-930B-4BA4-8C40-5B948713D853}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{8FE7EDA5-86BD-437C-B2D2-46762285F762}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{BCE87873-3180-4B18-9D67-490EF3E69B6F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{FB7F3B2B-8B73-45F4-97B7-620D8B2E325D}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600R" = Canon MP600R
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1716D952-F601-4A07-8988-7FCFAEDE6FDC}" = TAXMAN Bibliothek 2008
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225C12AE-BB37-4EE3-8935-583E2F0E6644}" = Lexware reisekosten 2009
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23BD8792-B4E0-49FB-8239-003A47A38F2E}" = TAXMAN 2007
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 23
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{2B443CC6-7EBE-43FF-91A8-6AC3B5A085FD}" = Lexware buchhalter 2011
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{3526C5B8-60EE-4199-BEFD-6BCC86F051B9}" = TAXMAN 2011
"{3563500D-85F7-48AE-A91D-811E92BA49BB}" = TAXMAN Bibliothek 2011
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{382BAB22-50F4-4F11-91F6-9A35C0FB6BE9}" = TAXMAN 2007
"{3C2622CB-0C96-4875-BAD6-E3DDF63EF5FE}" = Steuer Update 14.01
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E3A110A-7FAE-4DC0-8E39-BAFFE89724B6}" = HP User Guide 0049
"{3F6D3D01-AAD3-482A-BFB7-81E0D3D09BC8}" = Steuer Update 14.01
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F91BB7B-34E9-4B52-B997-DD79C18EBB9C}" = Steuer Update 14.01
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{55448B7F-E602-4DC4-B9BF-792714B71640}" = TAXMAN 2007
"{56FDB311-6511-11DE-832F-0050560400B1}" = Haufe iDesk-Browser
"{57456DD2-4CDD-4245-A5E6-D865CD8E0238}" = Lexware reisekosten 2009
"{5C5B0836-9648-4057-8044-2DF181E073E2}" = TAXMAN 2010
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682ABE6A-2CCE-4C6C-AA82-0FE5AB8033F3}" = Sunny Design
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E9B276F-77BE-49F7-8676-C10017F9E20B}" = Lexware buchhalter Servicepack 2008, Version 13.50
"{700C61BE-9424-4B20-9153-7A0C59722AF4}" = TAXMAN Bibliothek 2009
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8BE78E98-3600-4830-B41A-D7BEB828D2CB}_is1" = RGS Schulzeugnis 5
"{8CE37484-B5C2-497E-8501-D339F1D828CC}" = Lexware reisekosten 2008
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{901E0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 German User Interface Pack
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCAB4A2-1DF8-4A7A-909E-762CA9F26D2E}" = Steuer Update 14.01
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.3100
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1C1C8B1-F906-48D2-B4A0-428C6319B2C9}_is1" = RGS Schullaufbahnempfehlung GS NI
"{A4E86B6A-6EEC-41FD-8960-26947F0E3353}" = Haufe iDesk-Service
"{A89131FD-3D18-4DA8-84C8-622423011B51}_is1" = ALNO AG  Küchenplaner
"{A8E97458-4089-48D2-9BEB-6FD62D4FBB33}" = TAXMAN Bibliothek 2007
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B1A4CE9C-0D98-43D0-8815-2212F3752063}" = Lexware reisekosten 2008
"{B2D05EDF-3EF8-4574-837C-EA315B3CDD73}" = Arbeitsblätter am Computer 2.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B66AE62A-5F8D-45DB-A365-4913F5050E99}" = T-Eumex 628
"{B9730F5B-AAE9-4D89-ADEC-424F8E5B9325}" = Steuer Update 14.01
"{B9A0EFD4-6B58-4849-AA8D-DCEE093F9A00}" = PIKO-Master-Control
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BC63A4AC-435D-4AAD-9881-D0ED60804D1A}" = Lexware buchhalter Aktualisierung Februar 2008, Version 13.10
"{BEC1F5F9-501B-43EF-834D-86CF63F64722}" = TAXMAN Bibliothek 2010
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C61187B9-2867-41F9-8D40-A94D302BAB51}" = TAXMAN 2007
"{C7B99334-41CC-445A-AF7B-A210691A72AD}" = KEDDS
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8E00BC8-D619-4081-813A-6B5BCC846534}" = Lexware Elster
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DD9BA285-2A1F-4163-8DC4-A3A2B395EFB5}" = TAXMAN 2009
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E96FF910-1BC9-4EE5-BC12-0A30D4E20F37}" = NWZ-E440 WALKMAN Guide
"{E98371BD-6C0D-463E-B004-E6303F9A34A7}" = Lexware buchhalter 2008
"{EAFD70B2-FF28-45CD-B4F2-F99E82FD39A3}" = Steuer Update 14.01
"{EB5AE940-8E5D-11DE-992A-005056B12123}" = Haufe iDesk-Service
"{EFE38CC6-2592-4F93-B59B-CE4B69600890}" = TAXMAN 2009
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F331FBDC-7DCF-4598-9E7C-E11865677AB4}" = TAXMAN 2008
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"{FD745DD6-2E01-4A2F-89E3-1FD5B9235BE9}" = TAXMAN 2008
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE688026-1C8C-4E50-889D-4B6607CADC24}" = Lexware buchhalter 2008
"{FF1B3317-EADD-4AC3-BE54-37265FC9A133}" = Lexware buchhalter Servicepack 2008, Version 13.50
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BabylonToolbar" = Babylon toolbar on IE
"Canon MP600R Benutzerregistrierung" = Canon MP600R Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ElsterFormular für Privatanwender und Unternehmer 12.1.1.6214k" = ElsterFormular für Privatanwender und Unternehmer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fara und Fu 1" = Fara und Fu 1
"IrfanView" = IrfanView (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"meinHausplaner" = meinHausplaner
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"NVIDIA Drivers" = NVIDIA Drivers
"Packard Bell Data Secure" = Packard Bell Data Secure
"PVProfit Demo" = PVProfit Demo
"RealPlayer 6.0" = RealPlayer
"Schlaumäuse 2_is1" = Schlaumäuse 2
"Sunny Design DE" = Sunny Design DE
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Trojan Remover_is1" = Trojan Remover 6.8.2
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.11.2009 13:12:23 | Computer Name = Jürgens-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6001.18319 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: b90  Anfangszeit: 01ca6b9616c9a2a0  Zeitpunkt
 der Beendigung: 48
 
Error - 25.11.2009 12:19:10 | Computer Name = Jürgens-PC | Source = VSS | ID = 8194
Description = 
 
Error - 28.11.2009 13:27:54 | Computer Name = Jürgens-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6001.18319 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1e8  Anfangszeit: 01ca704ed10ba087  Zeitpunkt
 der Beendigung: 0
 
Error - 30.11.2009 13:59:58 | Computer Name = Jürgens-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 01.12.2009 02:27:40 | Computer Name = Jürgens-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 01.12.2009 23:46:24 | Computer Name = Jürgens-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.12.2009 04:35:56 | Computer Name = Jürgens-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6001.18319 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 12c4  Anfangszeit: 01ca732702c76a2a  Zeitpunkt
 der Beendigung: 0
 
Error - 06.12.2009 11:59:46 | Computer Name = Jürgens-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6001.18319 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 113c  Anfangszeit: 01ca76889c93492e  Zeitpunkt
 der Beendigung: 47
 
Error - 06.12.2009 12:42:03 | Computer Name = Jürgens-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18319, Zeitstempel
 0x4a966702, fehlerhaftes Modul SkypeIEPlugin.dll, Version 2.2.0.78, Zeitstempel
 0x45ffd77a, Ausnahmecode 0xc0000005, Fehleroffset 0x0000ed99,  Prozess-ID 0x104c,
 Anwendungsstartzeit 01ca76916558ae85.
 
Error - 06.12.2009 13:07:49 | Computer Name = Jürgens-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18319, Zeitstempel
 0x4a966702, fehlerhaftes Modul SkypeIEPlugin.dll, Version 2.2.0.78, Zeitstempel
 0x45ffd77a, Ausnahmecode 0xc0000005, Fehleroffset 0x0000ed99,  Prozess-ID 0x11c8,
 Anwendungsstartzeit 01ca76931491b7b5.
 
[ OSession Events ]
Error - 08.08.2010 09:38:59 | Computer Name = Jürgens-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 78
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 30.10.2011 16:18:47 | Computer Name = Jürgens-PC | Source = bowser | ID = 8003
Description = 
 
Error - 31.10.2011 06:22:15 | Computer Name = Jürgens-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.10.2011 13:57:44 | Computer Name = Jürgens-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.10.2011 16:04:12 | Computer Name = Jürgens-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 31.10.2011 16:10:10 | Computer Name = Jürgens-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.11.2011 07:00:26 | Computer Name = Jürgens-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.11.2011 07:00:55 | Computer Name = Jürgens-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 01.11.2011 07:00:55 | Computer Name = Jürgens-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.11.2011 14:47:04 | Computer Name = Jürgens-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.11.2011 16:13:26 | Computer Name = Jürgens-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

Alt 01.11.2011, 21:55   #7
spl4sh0r
 
IngDiba Trojaner? - Standard

IngDiba Trojaner?



Something I should add: on the same PC, logged into Windows as a different user, it works in Internet Explorer and Firefox, i.e. the lock message appears, not the strange window ...

Really strange .... what could it be?

Log see above, as requested

Alt 02.11.2011, 10:00   #8
spl4sh0r
 
IngDiba Trojaner? - Standard

IngDiba Trojaner?



But actually it must be something to do with Firefox only, if everything works fine with Internet Explorer? But then why does it still not work after an uninstall? ...

Alt 02.11.2011, 11:43   #9
markusg
/// Malware-holic
 
IngDiba Trojaner? - Standard

IngDiba Trojaner?



hiho
Attention!
This script, as well as any following scripts, is only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
O4 - HKCU..\Run: [{DD147E7F-5C9B-EEB1-58C4-2F3FE055DEE1}] C:\Users\Jürgen\AppData\Roaming\Ruapi\ygzyta.exe (Piranha Bytes)
:Files
C:\Users\Jürgen\AppData\Roaming\Ruapi
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.

Open Computer, open C:, then _OTL
right-click on moved files there
choose add to moved files.rar or zip.
follow the link and upload the archive in the upload channel
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
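The O4 line targeted by the OTL script above shows a typical banking-trojan persistence pattern: an HKCU Run value named like a GUID that launches an .exe from a random-named folder under AppData\Roaming. As an added example that is not from this thread or from OTL, here is a small Python check that flags autostart entries matching that pattern; the sample entries are constructed (the first mirrors the log line above), and the regexes and function names are this example's own.

```python
import re

# Pattern of the finding in the OTL log on this page: a Run value named like a
# GUID whose command launches an .exe from a random-named folder under
# AppData\Roaming. Regexes and sample data are constructed for this example.
GUID_NAME = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
ROAMING_EXE = re.compile(r"\\AppData\\Roaming\\[^\\\"]+\\[^\\\"]+\.exe", re.I)

def suspicious_run_entries(entries):
    """Return (name, command, reasons) for (value_name, command) pairs from
    HKCU\\...\\CurrentVersion\\Run that match at least one pattern.
    Both reasons together are the strong signal; one alone is worth a look."""
    hits = []
    for name, command in entries:
        reasons = []
        if GUID_NAME.match(name):
            reasons.append("GUID-style value name")
        if ROAMING_EXE.search(command):
            reasons.append("executable under AppData\\Roaming")
        if reasons:
            hits.append((name, command, reasons))
    return hits

# Constructed sample entries; the first mirrors the O4 line from the OTL log above.
SAMPLE_RUN = [
    ("{DD147E7F-5C9B-EEB1-58C4-2F3FE055DEE1}",
     r"C:\Users\Jürgen\AppData\Roaming\Ruapi\ygzyta.exe"),
    ("Skype", r'"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized'),
    ("OneDrive", r'"C:\Users\Jürgen\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
]

def scan_local_hkcu_run():
    """On Windows, check the real HKCU Run key; elsewhere return an empty list."""
    try:
        import winreg
    except ImportError:
        return []
    entries, i = [], 0
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        while True:
            try:
                name, value, _ = winreg.EnumValue(key, i)
            except OSError:  # no more values under the key
                break
            entries.append((name, str(value)))
            i += 1
    return suspicious_run_entries(entries)
```

Running `suspicious_run_entries(SAMPLE_RUN)` flags only the first entry, with both reasons; `scan_local_hkcu_run()` applies the same check to the current user's real Run key when executed on Windows.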

Alt 02.11.2011, 13:08   #10
spl4sh0r
 
IngDiba Trojaner? - Standard

IngDiba Trojaner?



Well, the file you described is now in that folder .. but where is the text file? The PC also crashed while OTL.exe was running. It said the program is not responding and must be closed.. I closed it and restarted ... then looked in that folder ... as I said, the program is there ... but where is the text file? Do I have to do it again? Regards

Alt 02.11.2011, 13:39   #11
spl4sh0r
 
IngDiba Trojaner? - Standard

IngDiba Trojaner?



So, I did it again

Everything ran, and on restart a txt document appeared, contents as follows:


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{DD147E7F-5C9B-EEB1-58C4-2F3FE055DEE1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD147E7F-5C9B-EEB1-58C4-2F3FE055DEE1}\ not found.
File C:\Users\Jürgen\AppData\Roaming\Ruapi\ygzyta.exe not found.
========== FILES ==========
File\Folder C:\Users\Jürgen\AppData\Roaming\Ruapi not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Alexandra
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Gast
->Flash cache emptied: 0 bytes

User: Jürgen
->Flash cache emptied: 0 bytes

User: kodak

User: Public

User: TEMP

User: TEMP.Jürgens-PC

User: TEMP.Jürgens-PC.000

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Alexandra
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 716481332 bytes
->Java cache emptied: 30796127 bytes
->FireFox cache emptied: 94768621 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 2174565 bytes
->Temporary Internet Files folder emptied: 19533646 bytes
->FireFox cache emptied: 49030679 bytes
->Flash cache emptied: 0 bytes

User: Jürgen
->Temp folder emptied: 1410054396 bytes
->Temporary Internet Files folder emptied: 416841383 bytes
->Java cache emptied: 62847036 bytes
->FireFox cache emptied: 27478982 bytes
->Flash cache emptied: 0 bytes

User: kodak
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: TEMP

User: TEMP.Jürgens-PC

User: TEMP.Jürgens-PC.000

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5160 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 217179944 bytes
RecycleBin emptied: 85479459 bytes

Total Files Cleaned = 2.988,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11022011_131617

Files\Folders moved on Reboot...
C:\Users\Jürgen\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

Alt 02.11.2011, 13:43   #12
spl4sh0r
 
IngDiba Trojaner? - Standard

IngDiba Trojaner?



So, I've uploaded the file!

Alt 02.11.2011, 14:16   #13
markusg
/// Malware-holic
 
IngDiba Trojaner? - Standard

IngDiba Trojaner?



OK, first of all thanks for the upload.
You know yourself that you have a trojan that was after your bank data.
With malware like this, it can happen that it opens further backdoors on the PC and that additional malware may have been downloaded.
So one can never be sure that we get this PC clean.
The analysis of the PC was still necessary to get an overview.
Since a reliable clean-up, as said, is not possible, it is absolutely necessary to reinstall this system after backing up your data, i.e. format and reinstall Windows.
Before backing up the data, disable autorun:
Tipparchiv - Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - WinTotal.de
Then back up pictures, documents, music, everything personal.
Then we format the PC; if you need instructions, you will get them.
Then I will show you how to secure the system properly.
I will also say something about how to make online banking even safer.
Then all passwords must be changed.

Alt 03.11.2011, 07:53   #14
spl4sh0r
 
IngDiba Trojaner? - Standard

IngDiba Trojaner?



Okay ... so at the moment, after all the stuff with otl.exe, the error message is gone ... i.e. when I go to ingdiba and want to log in, WITH FIREFOX, it just says locked etc. and no longer trojan ...

But you mean format completely again? If I don't want to do that right now, can I delete that isolated file under C:\ that I uploaded? Or should it stay there? And was that the trojan?


regards
spl4sh0r

Alt 03.11.2011, 10:27   #15
markusg
/// Malware-holic
 
IngDiba Trojaner? - Standard

IngDiba Trojaner?



Well, it's not really about wanting; think about what you want less, formatting or risking a possible loss of money?
It is simply not possible to say with 100% certainty that the PC is clean and all trojans are deleted; that is only possible after a fresh install.
