
Pests of all kinds and their removal: 50 Euro Trojan

Windows 7

06.03.2012, 15:00   #1
peter_at
 
50 Euro Trojan

Hello!
I have also caught the 50 Euro Trojan and would hereby like to ask for help. I have now run the OTL scan.

Here is the OTL log file
Quote:
OTL logfile created on: 3/6/2012 3:36:15 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458.21 Gb Total Space | 228.98 Gb Free Space | 49.97% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 8.19 Gb Free Space | 1.76% Space Free | Partition Type: NTFS
Drive I: | 7.55 Gb Total Space | 1.01 Gb Free Space | 13.35% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/07/08 13:57:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 06:20:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/23 09:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/08/27 10:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/04/30 04:23:26 | 000,090,112 | ---- | M] () [Auto] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/04/08 05:38:14 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/08/29 09:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/08/07 04:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/08/07 04:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/04/28 12:26:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/12 10:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/20 09:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (EraserUtilRebootDrv)
DRV - [2011/07/08 13:57:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/08 13:57:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/16 07:21:16 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/11/23 06:40:40 | 000,091,216 | ---- | M] (High Criteria inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2010/09/23 02:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/11/19 08:06:46 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV - [2009/11/19 08:06:46 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV - [2009/11/19 08:06:45 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2009/11/19 08:06:45 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV - [2009/11/19 08:06:45 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV - [2009/11/19 08:06:45 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2009/11/19 08:06:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2009/10/20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/05 03:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 05:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/06/06 03:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/07 01:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/07 01:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/07 01:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/12/11 18:51:28 | 000,021,280 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2007/12/04 23:01:00 | 007,580,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/03 11:18:12 | 000,099,840 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/09/17 08:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2001/09/17 11:07:54 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- C:\Windows\System32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=81&bd=Pavilion&pf=desktop
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=81&bd=Pavilion&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/itm/150763617330?ssPageName=STRK:MEWAX:IT&_trksid=p3984.m1423.l2649
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage


========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Admin\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/22 11:09:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/25 15:31:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2012/01/25 15:31:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Admin\Program Files\DNA [2008/08/30 14:25:17 | 000,000,000 | ---D | M]

[2010/01/16 15:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2009/08/01 06:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/12/22 16:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ni8ygwyi.default\extensions
[2011/12/22 16:24:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ni8ygwyi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/03 07:43:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ni8ygwyi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/09/14 05:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/01 12:10:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/14 05:03:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/22 12:24:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/19 15:41:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/12/25 10:52:32 | 000,000,000 | ---D | M] (Feedback) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM
[2010/03/10 17:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/03/10 17:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/03/10 17:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/03/10 17:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/07/16 22:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/10 17:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/03/10 17:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2009/12/21 22:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009/12/21 22:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009/12/21 22:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009/12/21 22:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009/12/21 22:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpsysdrv] C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VX2bt1oYNKCLnkO] C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\Admin_ON_C..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\Admin_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\Admin_ON_C..\Run: [VX2bt1oYNKCLnkO] C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\Program Files\AOL\AOL Toolbar 5.0\resources\de-AT\local\search.html ()
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Mit Mipony herunterladen - C:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O20 - HKU\Admin_ON_C Winlogon: Shell - (C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O20 - HKU\Admin_ON_C Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O24 - Desktop WallPaper: C:\Background\sas-background.bmp
O24 - Desktop BackupWallPaper: C:\Background\sas-background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/27 09:44:55 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{20b68710-1240-11df-b62d-001e8cc58020}\Shell\AutoRun\command - "" = G:\PCStart.exe
O33 - MountPoints2\{33c1271d-aae3-11de-8af8-001e8cc58020}\Shell\AutoRun\command - "" = G:\.\samy_deluxe.exe
O33 - MountPoints2\{979e71c1-8edf-11de-9b11-001e8cc58020}\Shell\AutoRun\command - "" = L:\WDSetup.exe
O33 - MountPoints2\{98f55385-3f1f-11de-9c59-001e8cc58020}\Shell\AutoRun\command - "" = G:\APPInst.exe
O33 - MountPoints2\{cfcc8d03-47b2-11df-9190-001e8cc58020}\Shell - "" = AutoRun
O33 - MountPoints2\{cfcc8d03-47b2-11df-9190-001e8cc58020}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{d61e73ff-7e8a-11de-82fa-001e8cc58020}\Shell\AutoRun\command - "" = M:\InstallTomTomHOME.exe
O33 - MountPoints2\{e232cfe3-49e4-11df-9cd7-001e8cc58020}\Shell - "" = AutoRun
O33 - MountPoints2\{e232cfe3-49e4-11df-9cd7-001e8cc58020}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{e42dfddf-c439-11dd-8308-806e6f6e6963}\Shell\AutoRun\command - "" = K:\WD_Windows_Tools\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/03 14:35:39 | 000,305,664 | ---- | C] (Cutting Edge Software Inc.) -- C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe
[2012/02/22 11:06:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/20 04:52:06 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfx32.dll
[2012/02/20 04:52:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ASCON Installer
[2010/04/17 15:58:56 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe587C.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/03 14:49:46 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/03/03 14:49:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/03 14:43:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-149490994-851355245-691603875-1000UA.job
[2012/03/03 14:38:47 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2012/03/03 14:38:46 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/03 14:38:46 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2012/03/03 14:38:39 | 000,003,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 14:38:39 | 000,003,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 14:37:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/03 14:35:36 | 000,305,664 | ---- | M] (Cutting Edge Software Inc.) -- C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe
[2012/03/03 14:23:01 | 000,000,238 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2012/03/02 19:32:15 | 000,124,928 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 16:43:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-149490994-851355245-691603875-1000Core.job
[2012/02/29 23:55:26 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/02/29 23:55:26 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/02/25 19:33:55 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/02/25 19:33:55 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/25 19:33:55 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/02/25 19:33:55 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/22 11:06:04 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/02/20 20:30:32 | 000,000,302 | ---- | M] () -- C:\Users\Admin\Desktop\Audi A4,A6,TT 19 Zoll Rotor Satz 255-35ZR 19 96Y Reifen Original in Bayern - Vöhringen Autoteile & Reifen eBay Kleinanzeigen.url
[2012/02/20 04:52:06 | 000,120,320 | ---- | M] () -- C:\Windows\System32\czip.ocx
[2012/02/20 04:52:06 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfx32.dll
[2012/02/19 20:55:01 | 000,000,206 | ---- | M] () -- C:\Users\Admin\Desktop\Indirekte LED Beleuchtung Küche - YouTube.url
[2012/02/19 19:58:38 | 000,000,139 | ---- | M] () -- C:\Users\Admin\Desktop\Vinyl & CD Börse.url
[2012/02/15 06:59:53 | 000,000,206 | ---- | M] () -- C:\Users\Admin\Desktop\Sonja Schmidt - Ein Himmelblauer Trabant [1971] - YouTube.url
[2012/02/11 08:59:44 | 000,000,123 | ---- | M] () -- C:\Users\Admin\Desktop\Motive Company.url
[2012/02/10 19:12:26 | 000,000,144 | ---- | M] () -- C:\Users\Admin\Desktop\The 50 Best Henry Rollins Quotes - Spinner.url
[2012/02/10 18:26:41 | 000,000,201 | ---- | M] () -- C:\Users\Admin\Desktop\Lotus Grill.url
[2012/02/07 20:54:53 | 000,000,119 | ---- | M] () -- C:\Users\Admin\Desktop\Of Freaks and Inks Self-Identifying Jack Dracula.url
[2012/02/07 18:09:12 | 000,000,118 | ---- | M] () -- C:\Users\Admin\Desktop\Famous Fat Dave's Five Borough Eating Tour on the Wheels of Steel!.url
[2012/02/06 13:32:01 | 000,000,232 | ---- | M] () -- C:\Users\Admin\Desktop\Wandregal Belly Mortons Art Palace - Indische Möbel, chinesische Einrichtung, asiatisches Design - Wohnen mit Stil Wandr.url
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/03 14:49:46 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/02/20 20:30:32 | 000,000,302 | ---- | C] () -- C:\Users\Admin\Desktop\Audi A4,A6,TT 19 Zoll Rotor Satz 255-35ZR 19 96Y Reifen Original in Bayern - Vöhringen Autoteile & Reifen eBay Kleinanzeigen.url
[2012/02/20 04:52:06 | 000,120,320 | ---- | C] () -- C:\Windows\System32\czip.ocx
[2012/02/19 19:58:38 | 000,000,139 | ---- | C] () -- C:\Users\Admin\Desktop\Vinyl & CD Börse.url
[2012/02/11 08:59:44 | 000,000,123 | ---- | C] () -- C:\Users\Admin\Desktop\Motive Company.url
[2012/02/10 19:12:26 | 000,000,144 | ---- | C] () -- C:\Users\Admin\Desktop\The 50 Best Henry Rollins Quotes - Spinner.url
[2012/02/10 18:26:41 | 000,000,201 | ---- | C] () -- C:\Users\Admin\Desktop\Lotus Grill.url
[2012/02/07 20:54:53 | 000,000,119 | ---- | C] () -- C:\Users\Admin\Desktop\Of Freaks and Inks Self-Identifying Jack Dracula.url
[2012/02/07 18:09:12 | 000,000,118 | ---- | C] () -- C:\Users\Admin\Desktop\Famous Fat Dave's Five Borough Eating Tour on the Wheels of Steel!.url
[2012/02/06 21:20:22 | 000,000,206 | ---- | C] () -- C:\Users\Admin\Desktop\Sonja Schmidt - Ein Himmelblauer Trabant [1971] - YouTube.url
[2011/04/24 06:02:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/24 06:02:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/11/27 16:56:57 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/11/11 13:01:38 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/01/06 09:42:45 | 000,000,220 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
[2009/09/27 11:12:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/09/27 11:11:43 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/09/27 05:59:45 | 000,000,068 | ---- | C] () -- C:\Windows\SBWIN.INI
[2009/03/09 08:03:19 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/03/09 08:03:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/30 16:35:59 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/04/28 14:51:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/04/28 12:33:34 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/04/28 12:20:51 | 000,401,408 | ---- | C] () -- C:\Windows\System32\stepbuttons.dll
[2008/04/28 12:20:51 | 000,124,416 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/04/28 12:20:50 | 000,140,800 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2008/04/28 10:49:15 | 000,124,928 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/28 10:35:42 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2008/03/27 17:33:55 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/03/27 17:33:55 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/03/27 17:33:55 | 000,122,442 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/03/27 17:33:55 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/03/27 09:38:51 | 000,111,448 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/03/27 09:24:17 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008/03/27 09:21:35 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/03/27 09:21:35 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/03/29 17:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 001,726,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/09/17 18:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2002/06/05 19:01:58 | 000,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll

========== LOP Check ==========

[2009/07/28 17:00:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Anvil Studio
[2010/11/11 13:01:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apowersoft
[2012/02/20 04:52:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ASCON Installer
[2009/01/14 14:37:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BitTorrent
[2008/08/30 17:56:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA
[2010/08/03 07:43:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2008/04/28 14:47:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Easy Thumbnails
[2010/11/06 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2010/07/24 02:31:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICAClient
[2011/10/14 16:46:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX
[2011/10/26 16:14:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mipony
[2008/08/13 02:47:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nokia
[2008/08/10 07:21:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite
[2010/04/17 12:56:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2010/04/17 12:56:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony Setup
[2010/01/06 09:42:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template
[2009/08/01 06:35:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TomTom
[2010/11/26 16:22:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TotalRecorder
[2008/04/28 10:06:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/01/07 06:32:52 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010/07/24 01:45:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Citrix
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/04/28 10:06:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/04/28 10:06:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/01/10 04:28:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2009/04/13 09:58:28 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2011/10/14 16:46:26 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2008/03/27 09:44:39 | 000,000,000 | ---D | M] -- C:\ProgramData\muvee Technologies
[2009/07/28 16:37:37 | 000,000,000 | ---D | M] -- C:\ProgramData\NCH Swift Sound
[2011/04/21 13:13:44 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2008/03/27 09:49:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/04/28 10:06:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/08/01 06:36:36 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom
[2008/04/28 10:06:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/04/28 10:11:35 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2010/08/12 06:49:59 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/28 10:59:46 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/11/28 06:48:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2012/03/03 14:49:46 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/03/02 21:24:54 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/03 14:38:46 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2012/03/03 14:38:47 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2012/03/03 14:23:01 | 000,000,238 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========


< End of report >

Old 06.03.2012, 15:11   #2
markusg
/// Malware-holic

50 Euro Trojan

hi
on your second pc go to Start, Programs, Accessories, Notepad, and paste the following
into it:
Code:
:OTL
O4 - HKLM..\Run: [VX2bt1oYNKCLnkO] C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O4 - HKU\Admin_ON_C..\Run: [VX2bt1oYNKCLnkO] C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O20 - HKU\Admin_ON_C Winlogon: Shell - (C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe (Cutting Edge
Software Inc.)
O20 - HKU\Admin_ON_C Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe) - C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe (Cutting Edge
Software Inc.)
:Files
C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         
save this to a usb stick as fix.txt
now use OTLPENet.exe again (i.e. boot from the cd you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
a message similar to "load fix from file" should now appear, so load the fix.txt from your stick.
if this does not work, please enter the fix manually.
then click the Fix button again. the pc may restart. if so, take the cd out of the drive; windows should now start normally and open otl.txt,
please post the log.


if you have no desktop icons, right-click the desktop, View, Show desktop icons

Note: Please also upload the file to the UpChannel as described in the guide. Please do NOT post the ZIP file here as an attachment
in the thread!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for
    the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel
    ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance
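The OTL fix above undoes three things the lockscreen dropped onto the machine: it re-points the Winlogon Shell and Userinit values, removes the Run entries that launch the file from AppData\Roaming, and clears the NoDesktop / DisableTaskMgr / DisableRegistryTools policies. As an added example (not part of markusg's instructions or of OTL), the PowerShell audit below checks those same persistence points on a live system and, with -Repair, restores the Windows defaults for Shell and Userinit and removes the three lockdown policies; it assumes an elevated PowerShell on the running installation (e.g. in safe mode), not the OTLPE boot CD, and it only reports Run entries under AppData\Roaming rather than deleting them.

```powershell
# Added audit script (not markusg's fix, not OTL). Checks the persistence points the OTL fix
# above targets. Run elevated on the live system; -Repair restores Winlogon defaults and
# removes the lockdown policies. Run-key hits are reported only (some legitimate software
# also starts from AppData\Roaming), so review them by hand.
param([switch]$Repair)

$findings = @()

# Windows defaults for the two Winlogon values the lockscreen overwrote.
$expected = @{
    'Shell'    = 'explorer.exe'
    'Userinit' = "$env:SystemRoot\system32\userinit.exe,"
}

$winlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

foreach ($key in $winlogonKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $expected.Keys) {
        $value = $props.$name
        # A per-user Winlogon key normally carries no Shell/Userinit value at all.
        if ($null -eq $value) { continue }
        if ($value.Trim().TrimEnd(',') -ine $expected[$name].TrimEnd(',')) {
            $findings += [pscustomobject]@{ Location = "$key\$name"; Value = $value }
            if ($Repair) {
                if ($key -like 'HKLM:*') {
                    # Machine-wide value: put the default back.
                    Set-ItemProperty -Path $key -Name $name -Value $expected[$name]
                } else {
                    # A per-user override of Shell/Userinit has no legitimate use: remove it.
                    Remove-ItemProperty -Path $key -Name $name
                }
            }
        }
    }
}

# The three policies the OTL fix sets back (all were = 1 in the log above).
$policies = @(
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoDesktop' },
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' }
)
foreach ($p in $policies) {
    if (-not (Test-Path $p.Key)) { continue }
    $v = (Get-ItemProperty -Path $p.Key -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
    if ($v -eq 1) {
        $findings += [pscustomobject]@{ Location = "$($p.Key)\$($p.Name)"; Value = $v }
        if ($Repair) { Remove-ItemProperty -Path $p.Key -Name $p.Name }
    }
}

# Run entries that launch an .exe straight out of AppData\Roaming, as h6s5ruij653.exe did.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
        if ($prop.Value -match '(?i)\\AppData\\Roaming\\[^\\]+\.exe') {
            $findings += [pscustomobject]@{ Location = "$key\$($prop.Name)"; Value = $prop.Value }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Winlogon, policy or Run anomalies found.'
} else {
    $findings | Format-Table -AutoSize
    if ($Repair) { Write-Output 'Winlogon defaults restored and lockdown policies removed; review the Run entries manually.' }
}
```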

Old 06.03.2012, 15:58   #3
peter_at

50 Euro Trojan

OTL did not restart after the fix (despite the notice window) and stopped responding. After a manual restart without the CD, Windows did start but did not boot fully: only the blue default desktop with no icons and no taskbar, and Task Manager could not be used (disabled by the administrator). I have now started the machine with the CD again.

OTL.txt did not change after the fix, so I ran the scan again.
The moved Files directory contains only the file h6s5ruij653.exe. Should I upload the file to the Upload Channel?

Here is the new OTL log file after restarting with the CD
OTL Logfile:
Code:
OTL logfile created on: 3/6/2012 4:51:30 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458.21 Gb Total Space | 226.43 Gb Free Space | 49.42% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 8.19 Gb Free Space | 1.76% Space Free | Partition Type: NTFS
Drive I: | 7.55 Gb Total Space | 1.01 Gb Free Space | 13.35% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/07/08 13:57:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 06:20:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/23 09:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/08/27 10:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/04/30 04:23:26 | 000,090,112 | ---- | M] () [Auto] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/04/08 05:38:14 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/08/29 09:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/08/07 04:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/08/07 04:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/04/28 12:26:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/12 10:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/20 09:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] --  -- (SymIM)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (EraserUtilRebootDrv)
DRV - [2011/07/08 13:57:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/08 13:57:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/16 07:21:16 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/11/23 06:40:40 | 000,091,216 | ---- | M] (High Criteria inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2010/09/23 02:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/11/19 08:06:46 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV - [2009/11/19 08:06:46 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV - [2009/11/19 08:06:45 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2009/11/19 08:06:45 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV - [2009/11/19 08:06:45 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV - [2009/11/19 08:06:45 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2009/11/19 08:06:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2009/10/20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/05 03:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 05:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/06/06 03:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/07 01:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/07 01:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/07 01:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/12/11 18:51:28 | 000,021,280 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2007/12/04 23:01:00 | 007,580,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/03 11:18:12 | 000,099,840 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/09/17 08:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2001/09/17 11:07:54 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- C:\Windows\System32\PfModNT.sys -- (PfModNT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerst
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Admin\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/22 11:09:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/25 15:31:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2012/01/25 15:31:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Admin\Program Files\DNA [2008/08/30 14:25:17 | 000,000,000 | ---D | M]
 
[2010/01/16 15:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2009/08/01 06:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/12/22 16:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ni8ygwyi.default\extensions
[2011/12/22 16:24:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ni8ygwyi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/03 07:43:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ni8ygwyi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/09/14 05:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/01 12:10:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/14 05:03:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011/01/22 12:24:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/19 15:41:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/12/25 10:52:32 | 000,000,000 | ---D | M] (Feedback) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM
[2010/03/10 17:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/03/10 17:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/03/10 17:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/03/10 17:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/07/16 22:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/10 17:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/03/10 17:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2009/12/21 22:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009/12/21 22:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009/12/21 22:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009/12/21 22:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009/12/21 22:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler]  File not found
O4 - HKLM..\Run: [hpsysdrv] C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD]  File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VX2bt1oYNKCLnkO]  File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\Admin_ON_C..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\Admin_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\Admin_ON_C..\Run: [VX2bt1oYNKCLnkO]  File not found
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\Program Files\AOL\AOL Toolbar 5.0\resources\de-AT\local\search.html ()
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Mit Mipony herunterladen - C:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe) -  File not found
O20 - HKU\Admin_ON_C Winlogon: Shell - (C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe) -  File not found
O20 - HKU\Admin_ON_C Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe) -  File not found
O24 - Desktop WallPaper: C:\Background\sas-background.bmp
O24 - Desktop BackupWallPaper: C:\Background\sas-background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/27 09:44:55 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{20b68710-1240-11df-b62d-001e8cc58020}\Shell\AutoRun\command - "" = G:\PCStart.exe
O33 - MountPoints2\{33c1271d-aae3-11de-8af8-001e8cc58020}\Shell\AutoRun\command - "" = G:\.\samy_deluxe.exe
O33 - MountPoints2\{979e71c1-8edf-11de-9b11-001e8cc58020}\Shell\AutoRun\command - "" = L:\WDSetup.exe
O33 - MountPoints2\{98f55385-3f1f-11de-9c59-001e8cc58020}\Shell\AutoRun\command - "" = G:\APPInst.exe
O33 - MountPoints2\{cfcc8d03-47b2-11df-9190-001e8cc58020}\Shell - "" = AutoRun
O33 - MountPoints2\{cfcc8d03-47b2-11df-9190-001e8cc58020}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{d61e73ff-7e8a-11de-82fa-001e8cc58020}\Shell\AutoRun\command - "" = M:\InstallTomTomHOME.exe
O33 - MountPoints2\{e232cfe3-49e4-11df-9cd7-001e8cc58020}\Shell - "" = AutoRun
O33 - MountPoints2\{e232cfe3-49e4-11df-9cd7-001e8cc58020}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{e42dfddf-c439-11dd-8308-806e6f6e6963}\Shell\AutoRun\command - "" = K:\WD_Windows_Tools\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/06 16:41:35 | 000,000,000 | ---D | C] -- C:\Copy of _OTL
[2012/03/06 16:17:54 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012/03/06 16:17:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/22 11:06:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/20 04:52:06 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfx32.dll
[2012/02/20 04:52:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ASCON Installer
[2010/04/17 15:58:56 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe587C.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/06 10:34:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/06 10:32:49 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/06 10:32:49 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2012/03/06 10:32:48 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2012/03/06 10:32:37 | 000,003,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 10:32:37 | 000,003,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 10:32:32 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/06 10:28:24 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/03/06 10:28:24 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/06 10:28:24 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/03/06 10:28:24 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/06 10:26:48 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/03/06 10:26:48 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/03/03 14:43:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-149490994-851355245-691603875-1000UA.job
[2012/03/03 14:37:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/03 14:23:01 | 000,000,238 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2012/03/02 19:32:15 | 000,124,928 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 16:43:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-149490994-851355245-691603875-1000Core.job
[2012/02/22 11:06:04 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/02/20 20:30:32 | 000,000,302 | ---- | M] () -- C:\Users\Admin\Desktop\Audi A4,A6,TT 19 Zoll Rotor Satz 255-35ZR 19 96Y Reifen Original in Bayern - Vöhringen  Autoteile & Reifen  eBay Kleinanzeigen.url
[2012/02/20 04:52:06 | 000,120,320 | ---- | M] () -- C:\Windows\System32\czip.ocx
[2012/02/20 04:52:06 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfx32.dll
[2012/02/19 20:55:01 | 000,000,206 | ---- | M] () -- C:\Users\Admin\Desktop\Indirekte LED Beleuchtung Küche - YouTube.url
[2012/02/19 19:58:38 | 000,000,139 | ---- | M] () -- C:\Users\Admin\Desktop\Vinyl & CD Börse.url
[2012/02/15 06:59:53 | 000,000,206 | ---- | M] () -- C:\Users\Admin\Desktop\Sonja Schmidt - Ein Himmelblauer Trabant [1971] - YouTube.url
[2012/02/11 08:59:44 | 000,000,123 | ---- | M] () -- C:\Users\Admin\Desktop\Motive Company.url
[2012/02/10 19:12:26 | 000,000,144 | ---- | M] () -- C:\Users\Admin\Desktop\The 50 Best Henry Rollins Quotes - Spinner.url
[2012/02/10 18:26:41 | 000,000,201 | ---- | M] () -- C:\Users\Admin\Desktop\Lotus Grill.url
[2012/02/07 20:54:53 | 000,000,119 | ---- | M] () -- C:\Users\Admin\Desktop\Of Freaks and Inks Self-Identifying Jack Dracula.url
[2012/02/07 18:09:12 | 000,000,118 | ---- | M] () -- C:\Users\Admin\Desktop\Famous Fat Dave's Five Borough Eating Tour on the Wheels of Steel!.url
[2012/02/06 13:32:01 | 000,000,232 | ---- | M] () -- C:\Users\Admin\Desktop\Wandregal Belly  Mortons Art Palace - Indische Möbel, chinesische Einrichtung, asiatisches Design - Wohnen mit Stil  Wandr.url
 
========== Files Created - No Company Name ==========
 
[2012/03/06 10:23:22 | 3220,480,000 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/20 20:30:32 | 000,000,302 | ---- | C] () -- C:\Users\Admin\Desktop\Audi A4,A6,TT 19 Zoll Rotor Satz 255-35ZR 19 96Y Reifen Original in Bayern - Vöhringen  Autoteile & Reifen  eBay Kleinanzeigen.url
[2012/02/20 04:52:06 | 000,120,320 | ---- | C] () -- C:\Windows\System32\czip.ocx
[2012/02/19 19:58:38 | 000,000,139 | ---- | C] () -- C:\Users\Admin\Desktop\Vinyl & CD Börse.url
[2012/02/11 08:59:44 | 000,000,123 | ---- | C] () -- C:\Users\Admin\Desktop\Motive Company.url
[2012/02/10 19:12:26 | 000,000,144 | ---- | C] () -- C:\Users\Admin\Desktop\The 50 Best Henry Rollins Quotes - Spinner.url
[2012/02/10 18:26:41 | 000,000,201 | ---- | C] () -- C:\Users\Admin\Desktop\Lotus Grill.url
[2012/02/07 20:54:53 | 000,000,119 | ---- | C] () -- C:\Users\Admin\Desktop\Of Freaks and Inks Self-Identifying Jack Dracula.url
[2012/02/07 18:09:12 | 000,000,118 | ---- | C] () -- C:\Users\Admin\Desktop\Famous Fat Dave's Five Borough Eating Tour on the Wheels of Steel!.url
[2012/02/06 21:20:22 | 000,000,206 | ---- | C] () -- C:\Users\Admin\Desktop\Sonja Schmidt - Ein Himmelblauer Trabant [1971] - YouTube.url
[2011/04/24 06:02:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/24 06:02:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/11/27 16:56:57 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/11/11 13:01:38 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/01/06 09:42:45 | 000,000,220 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
[2009/09/27 11:12:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/09/27 11:11:43 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/09/27 05:59:45 | 000,000,068 | ---- | C] () -- C:\Windows\SBWIN.INI
[2009/03/09 08:03:19 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/03/09 08:03:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/30 16:35:59 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/04/28 14:51:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/04/28 12:33:34 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/04/28 12:20:51 | 000,401,408 | ---- | C] () -- C:\Windows\System32\stepbuttons.dll
[2008/04/28 12:20:51 | 000,124,416 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/04/28 12:20:50 | 000,140,800 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2008/04/28 10:49:15 | 000,124,928 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/28 10:35:42 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2008/03/27 17:33:55 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/03/27 17:33:55 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/03/27 17:33:55 | 000,122,442 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/03/27 17:33:55 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/03/27 09:38:51 | 000,111,448 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/03/27 09:24:17 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008/03/27 09:21:35 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/03/27 09:21:35 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/03/29 17:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 001,726,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/09/17 18:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2002/06/05 19:01:58 | 000,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll
 
========== LOP Check ==========
 
[2009/07/28 17:00:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Anvil Studio
[2010/11/11 13:01:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apowersoft
[2012/02/20 04:52:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ASCON Installer
[2009/01/14 14:37:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BitTorrent
[2008/08/30 17:56:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA
[2010/08/03 07:43:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2008/04/28 14:47:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Easy Thumbnails
[2010/11/06 19:45:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2010/07/24 02:31:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICAClient
[2011/10/14 16:46:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX
[2011/10/26 16:14:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mipony
[2008/08/13 02:47:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nokia
[2008/08/10 07:21:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite
[2010/04/17 12:56:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2010/04/17 12:56:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony Setup
[2010/01/06 09:42:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template
[2009/08/01 06:35:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TomTom
[2010/11/26 16:22:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TotalRecorder
[2008/04/28 10:06:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/01/07 06:32:52 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010/07/24 01:45:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Citrix
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/04/28 10:06:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/04/28 10:06:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/01/10 04:28:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2009/04/13 09:58:28 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2011/10/14 16:46:26 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2008/03/27 09:44:39 | 000,000,000 | ---D | M] -- C:\ProgramData\muvee Technologies
[2009/07/28 16:37:37 | 000,000,000 | ---D | M] -- C:\ProgramData\NCH Swift Sound
[2011/04/21 13:13:44 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2008/03/27 09:49:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/04/28 10:06:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/08/01 06:36:36 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom
[2008/04/28 10:06:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/04/28 10:11:35 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2010/08/12 06:49:59 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/28 10:59:46 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/11/28 06:48:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2012/03/06 10:34:18 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/06 10:32:48 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2012/03/06 10:32:49 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2012/03/03 14:23:01 | 000,000,238 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
 
========== Purity Check ==========
 
 
< End of report >
         

Alt 06.03.2012, 16:38   #4
markusg
/// Malware-holic
 
On your second PC go to Start, Programs, Accessories, Editor (Notepad) and paste the following into it:
Code:
:OTL
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [HP Health Check Scheduler]  File not found
O4 - HKLM..\Run: [KBD]  File not found
O4 - HKLM..\Run: [VX2bt1oYNKCLnkO]  File not found
O4 - HKU\Admin_ON_C..\Run: [VX2bt1oYNKCLnkO]  File not found
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe) -  File not found
O20 - HKU\Admin_ON_C Winlogon: Shell - (C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe) -  File not found
O20 - HKU\Admin_ON_C Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe) -  File not found
:Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         
Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear; load the fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If so, remove the CD from the drive; Windows should now start normally and open otl.txt.
Please post the log.
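As an added example (not part of the thread and not OTL's own code), the Python below parses OTL log lines of the kinds markusg moves into the :OTL section of the fix and flags what makes this screen locker tick: orphaned Run entries, the Explorer/System policies that hide the desktop and disable Task Manager and the Registry editor, and Winlogon Shell/UserInit values that no longer point at explorer.exe/userinit.exe. The sample lines are constructed after the posted log, and the line formats are assumed from that log.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample, modelled on the OTL log posted in this thread (not the
# full log): a clean Run entry, an orphaned one, the policy entries that lock
# the user out, and the hijacked Winlogon Shell/UserInit values.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [VX2bt1oYNKCLnkO]  File not found
O4 - HKU\Admin_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe) -  File not found
O20 - HKU\Admin_ON_C Winlogon: UserInit - (C:\Users\Admin\AppData\Roaming\h6s5ruij653.exe) -  File not found
O20 - HKU\Admin_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
"""

# Line formats below are assumed from the log posted in the thread.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")
O7_RE = re.compile(r"^O7 - (?P<key>.+?): (?P<value>\w+) = (?P<data>.*)$")
O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>Shell|UserInit) - "
    r"\((?P<target>[^)]*)\) -\s*(?P<status>.*)$"
)

# Policies a screen locker sets so the victim cannot close it or undo it.
LOCKOUT_POLICIES = {
    "NoDesktop": "hides the desktop",
    "DisableTaskMgr": "disables Task Manager",
    "DisableRegistryTools": "disables the Registry editor",
}
# What Winlogon normally launches; anything else means a hijacked logon chain.
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}


@dataclass
class Finding:
    line: str      # the OTL log line, verbatim: this is what goes into the fix
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return the OTL lines that belong in the :OTL section of a fix, with reasons."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if m := O4_RE.match(line):
            if m["target"] == "File not found":
                findings.append(Finding(line, "orphaned Run entry: target no longer exists"))
            elif "\\appdata\\" in m["target"].lower():
                findings.append(Finding(line, "Run entry starts a program from the user profile"))
        elif m := O7_RE.match(line):
            effect = LOCKOUT_POLICIES.get(m["value"])
            if effect and m["data"].strip() == "1":
                findings.append(Finding(line, f"policy {m['value']} {effect}"))
        elif m := O20_RE.match(line):
            expected = EXPECTED_WINLOGON[m["value"]]
            # UserInit normally carries a trailing comma; strip it before comparing.
            basename = m["target"].rstrip(",").split("\\")[-1].lower()
            if basename != expected:
                findings.append(Finding(
                    line, f"Winlogon {m['value']} hijacked: {basename} instead of {expected}"))
    return findings


def build_fix(findings: List[Finding]) -> str:
    """Assemble an OTL fix script in the layout markusg uses in this thread."""
    body = "\n".join(f.line for f in findings)
    return ":OTL\n" + body + "\n:Commands\n[emptytemp]\n[Reboot]\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.reason}\n    {f.line}")
    print(build_fix(triage(SAMPLE_OTL)))
```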

Alt 06.03.2012, 17:01   #5
peter_at
 
The computer has now booted up again without any problems.

I was just about to zip the MovedFiles folder, but Antivir does not allow it. How else can I upload it safely?

The current log file is this one:

OTL Logfile:
Code:
OTL logfile created on: 06.03.2012 17:54:06 - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = F:\PROGRAMS\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,21 Gb Total Space | 228,61 Gb Free Space | 49,89% Space Free | Partition Type: NTFS
Drive D: | 7,55 Gb Total Space | 1,00 Gb Free Space | 13,30% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 8,18 Gb Free Space | 1,76% Space Free | Partition Type: NTFS
Drive F: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: HP_QUAD | User Name: Admin
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.07.08 19:57:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 12:20:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.23 15:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.04.30 10:23:26 | 000,090,112 | ---- | M] () [Auto] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.04.08 11:38:14 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008.08.29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.08.07 10:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.04.28 18:26:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.03.20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] --  -- (SymIM)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (EraserUtilRebootDrv)
DRV - [2011.07.08 19:57:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.08 19:57:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.04.16 13:21:16 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.11.23 12:40:40 | 000,091,216 | ---- | M] (High Criteria inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2010.09.23 08:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2009.11.19 14:06:46 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV - [2009.11.19 14:06:46 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV - [2009.11.19 14:06:45 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2009.11.19 14:06:45 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV - [2009.11.19 14:06:45 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV - [2009.11.19 14:06:45 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2009.11.19 14:06:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2009.10.21 02:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.10.05 09:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.06.06 09:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.07 07:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.07 07:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.07 07:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007.12.12 00:51:28 | 000,021,280 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2007.12.05 05:01:00 | 007,580,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.10.03 17:18:12 | 000,099,840 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.09.17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2005.12.12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2001.09.17 17:07:54 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- C:\Windows\System32\PfModNT.sys -- (PfModNT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=81&bd=Pavilion&pf=desktop
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=81&bd=Pavilion&pf=desktop
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
 
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
 
IE - HKU\S-1-5-21-149490994-851355245-691603875-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-149490994-851355245-691603875-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/itm/150763617330?ssPageName=STRK:MEWAX:IT&_trksid=p3984.m1423.l2649
IE - HKU\S-1-5-21-149490994-851355245-691603875-1000\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-149490994-851355245-691603875-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-149490994-851355245-691603875-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Admin\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.22 17:09:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.25 21:31:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2012.01.25 21:31:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Admin\Program Files\DNA [2008.08.30 20:25:17 | 000,000,000 | ---D | M]
 
[2010.01.16 21:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2009.08.01 12:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.12.22 22:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\ni8ygwyi.default\extensions
[2011.12.22 22:24:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\ni8ygwyi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.03 13:43:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\ni8ygwyi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.14 11:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.07.01 18:10:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.14 11:03:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.01.22 18:24:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.19 21:41:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.12.25 16:52:32 | 000,000,000 | ---D | M] (Feedback) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM
[2010.03.10 23:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010.03.10 23:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010.03.10 23:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010.03.10 23:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2007.08.29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.10 23:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010.03.10 23:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2009.12.22 04:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.12.22 04:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.22 04:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.22 04:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.22 04:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-149490994-851355245-691603875-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-149490994-851355245-691603875-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [hpsysdrv] C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-149490994-851355245-691603875-1000..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-149490994-851355245-691603875-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-149490994-851355245-691603875-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [OTL] C:\OTLPE.exe (OldTimer Tools)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O7 - HKU\S-1-5-21-149490994-851355245-691603875-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O7 - HKU\S-1-5-21-149490994-851355245-691603875-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKU\S-1-5-21-149490994-851355245-691603875-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\program files\aol\aol toolbar 5.0\resources\de-AT\local\search.html ()
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Mit Mipony herunterladen - C:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Background\sas-background.bmp
O24 - Desktop BackupWallPaper: C:\Background\sas-background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.27 15:44:55 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.03.24 12:06:41 | 000,000,053 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{20b68710-1240-11df-b62d-001e8cc58020}\Shell\AutoRun\command - "" = G:\PCStart.exe
O33 - MountPoints2\{33c1271d-aae3-11de-8af8-001e8cc58020}\Shell\AutoRun\command - "" = G:\.\samy_deluxe.exe
O33 - MountPoints2\{979e71c1-8edf-11de-9b11-001e8cc58020}\Shell\AutoRun\command - "" = L:\WDSetup.exe
O33 - MountPoints2\{98f55385-3f1f-11de-9c59-001e8cc58020}\Shell\AutoRun\command - "" = G:\APPInst.exe
O33 - MountPoints2\{cfcc8d03-47b2-11df-9190-001e8cc58020}\Shell - "" = AutoRun
O33 - MountPoints2\{cfcc8d03-47b2-11df-9190-001e8cc58020}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{d61e73ff-7e8a-11de-82fa-001e8cc58020}\Shell\AutoRun\command - "" = M:\InstallTomTomHOME.exe
O33 - MountPoints2\{e232cfe3-49e4-11df-9cd7-001e8cc58020}\Shell - "" = AutoRun
O33 - MountPoints2\{e232cfe3-49e4-11df-9cd7-001e8cc58020}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{e42dfddf-c439-11dd-8308-806e6f6e6963}\Shell\AutoRun\command - "" = K:\WD_Windows_Tools\Setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\reatogoMenu.exe -- [2005.07.16 22:36:50 | 000,240,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.06 22:41:35 | 000,000,000 | ---D | C] -- C:\Copy of _OTL
[2012.03.06 22:17:54 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.03.06 22:17:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.02.22 17:06:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.20 10:52:06 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfx32.dll
[2012.02.20 10:52:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ASCON Installer
[2010.04.17 21:58:56 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe587C.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.06 17:55:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2012.03.06 17:43:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-149490994-851355245-691603875-1000UA.job
[2012.03.06 17:37:44 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.06 17:37:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.06 17:36:59 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2012.03.06 17:36:47 | 000,003,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 17:36:47 | 000,003,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 17:36:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.06 17:36:41 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.06 16:28:24 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.06 16:28:24 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.06 16:28:24 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.06 16:28:24 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.06 16:26:48 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.03.06 16:26:48 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.03.03 20:23:01 | 000,000,238 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2012.03.03 01:32:15 | 000,124,928 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.02 22:43:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-149490994-851355245-691603875-1000Core.job
[2012.02.22 17:06:04 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012.02.21 02:30:32 | 000,000,302 | ---- | M] () -- C:\Users\Admin\Desktop\Audi A4,A6,TT 19 Zoll Rotor Satz 255-35ZR 19 96Y Reifen Original in Bayern - Vöhringen  Autoteile & Reifen  eBay Kleinanzeigen.url
[2012.02.20 10:52:06 | 000,120,320 | ---- | M] () -- C:\Windows\System32\czip.ocx
[2012.02.20 10:52:06 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfx32.dll
[2012.02.20 02:55:01 | 000,000,206 | ---- | M] () -- C:\Users\Admin\Desktop\Indirekte LED Beleuchtung Küche - YouTube.url
[2012.02.20 01:58:38 | 000,000,139 | ---- | M] () -- C:\Users\Admin\Desktop\Vinyl & CD Börse.url
[2012.02.15 12:59:53 | 000,000,206 | ---- | M] () -- C:\Users\Admin\Desktop\Sonja Schmidt - Ein Himmelblauer Trabant [1971] - YouTube.url
[2012.02.11 14:59:44 | 000,000,123 | ---- | M] () -- C:\Users\Admin\Desktop\Motive Company.url
[2012.02.11 01:12:26 | 000,000,144 | ---- | M] () -- C:\Users\Admin\Desktop\The 50 Best Henry Rollins Quotes - Spinner.url
[2012.02.11 00:26:41 | 000,000,201 | ---- | M] () -- C:\Users\Admin\Desktop\Lotus Grill.url
[2012.02.08 02:54:53 | 000,000,119 | ---- | M] () -- C:\Users\Admin\Desktop\Of Freaks and Inks Self-Identifying Jack Dracula.url
[2012.02.08 00:09:12 | 000,000,118 | ---- | M] () -- C:\Users\Admin\Desktop\Famous Fat Dave's Five Borough Eating Tour on the Wheels of Steel!.url
[2012.02.06 19:32:01 | 000,000,232 | ---- | M] () -- C:\Users\Admin\Desktop\Wandregal Belly  Mortons Art Palace - Indische Möbel, chinesische Einrichtung, asiatisches Design - Wohnen mit Stil  Wandr.url
 
========== Files Created - No Company Name ==========
 
[2012.03.06 16:23:22 | 3220,480,000 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.21 02:30:32 | 000,000,302 | ---- | C] () -- C:\Users\Admin\Desktop\Audi A4,A6,TT 19 Zoll Rotor Satz 255-35ZR 19 96Y Reifen Original in Bayern - Vöhringen  Autoteile & Reifen  eBay Kleinanzeigen.url
[2012.02.20 10:52:06 | 000,120,320 | ---- | C] () -- C:\Windows\System32\czip.ocx
[2012.02.20 01:58:38 | 000,000,139 | ---- | C] () -- C:\Users\Admin\Desktop\Vinyl & CD Börse.url
[2012.02.11 14:59:44 | 000,000,123 | ---- | C] () -- C:\Users\Admin\Desktop\Motive Company.url
[2012.02.11 01:12:26 | 000,000,144 | ---- | C] () -- C:\Users\Admin\Desktop\The 50 Best Henry Rollins Quotes - Spinner.url
[2012.02.11 00:26:41 | 000,000,201 | ---- | C] () -- C:\Users\Admin\Desktop\Lotus Grill.url
[2012.02.08 02:54:53 | 000,000,119 | ---- | C] () -- C:\Users\Admin\Desktop\Of Freaks and Inks Self-Identifying Jack Dracula.url
[2012.02.08 00:09:12 | 000,000,118 | ---- | C] () -- C:\Users\Admin\Desktop\Famous Fat Dave's Five Borough Eating Tour on the Wheels of Steel!.url
[2012.02.07 03:20:22 | 000,000,206 | ---- | C] () -- C:\Users\Admin\Desktop\Sonja Schmidt - Ein Himmelblauer Trabant [1971] - YouTube.url
[2011.04.24 12:02:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.24 12:02:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.11.27 22:56:57 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.11.11 19:01:38 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.01.06 15:42:45 | 000,000,220 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
[2009.09.27 17:12:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.09.27 17:11:43 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.09.27 11:59:45 | 000,000,068 | ---- | C] () -- C:\Windows\SBWIN.INI
[2009.03.09 14:03:19 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.09 14:03:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.12.30 22:35:59 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.04.28 20:51:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.04.28 18:33:34 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008.04.28 18:20:51 | 000,401,408 | ---- | C] () -- C:\Windows\System32\stepbuttons.dll
[2008.04.28 18:20:51 | 000,124,416 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.04.28 18:20:50 | 000,140,800 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2008.04.28 16:49:15 | 000,124,928 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.28 16:35:42 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2008.03.27 23:33:55 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.03.27 23:33:55 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.03.27 23:33:55 | 000,122,442 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.03.27 23:33:55 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.03.27 15:38:51 | 000,111,448 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008.03.27 15:24:17 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008.03.27 15:21:35 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008.03.27 15:21:35 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 001,726,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2002.06.06 01:01:58 | 000,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll
 
========== LOP Check ==========
 
[2009.07.28 23:00:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Anvil Studio
[2010.11.11 19:01:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apowersoft
[2012.02.20 10:52:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ASCON Installer
[2009.01.14 20:37:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BitTorrent
[2008.08.30 23:56:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA
[2010.08.03 13:43:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.04.28 20:47:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Easy Thumbnails
[2010.11.07 01:45:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2010.07.24 08:31:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICAClient
[2011.10.14 22:46:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX
[2011.10.26 22:14:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mipony
[2008.08.13 08:47:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nokia
[2008.08.10 13:21:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite
[2010.04.17 18:56:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2010.04.17 18:56:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony Setup
[2010.01.06 15:42:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template
[2009.08.01 12:35:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TomTom
[2010.11.26 22:22:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TotalRecorder
[2008.04.28 16:06:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011.01.07 12:32:52 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010.07.24 07:45:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Citrix
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008.04.28 16:06:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008.04.28 16:06:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009.01.10 10:28:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2009.04.13 15:58:28 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2011.10.14 22:46:26 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2008.03.27 15:44:39 | 000,000,000 | ---D | M] -- C:\ProgramData\muvee Technologies
[2009.07.28 22:37:37 | 000,000,000 | ---D | M] -- C:\ProgramData\NCH Swift Sound
[2011.04.21 19:13:44 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2008.03.27 15:49:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008.04.28 16:06:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006.11.02 14:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009.08.01 12:36:36 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom
[2008.04.28 16:06:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008.04.28 16:11:35 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2010.08.12 12:49:59 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.02.28 16:59:46 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.11.28 12:48:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2012.03.06 16:34:18 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.06 17:36:59 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2012.03.06 17:55:01 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2012.03.03 20:23:01 | 000,000,238 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---


Old 06.03.2012, 17:45   #6
markusg
/// Malware-holic

50 Euro Trojaner - Standard



Leave out the upload.
Please start by installing Windows Updates.
The easiest way is to go to Start, Search and type Windows Update there.
Check under "Change settings" that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you must open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Report back when done.

Old 06.03.2012, 21:55   #7
peter_at

50 Euro Trojaner - Standard



The updates are now complete and I have made the settings as you described.

Old 07.03.2012, 11:32   #8
markusg
/// Malware-holic

50 Euro Trojaner - Standard



1. Open Malwarebytes, log files, post all reports created so far.
2.
hi

This script and any scripts that may follow are only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.

• Please start OTL.exe
• Now copy the following into the text box.

Code:
:OTL
[2012.03.06 17:36:59 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2012.03.06 17:55:01 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2012.03.03 20:23:01 | 000,000,238 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
__________________
Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us
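The three entries in the :OTL block above are ordinary OTL file-listing lines, and what makes them stand out is visible in the line itself: the attribute field reads -H-- (hidden), the company field in the parentheses is empty, and each is a GUID-named .job in C:\Windows\Tasks. The Python script below is an added example, not part of this thread and not OTL's own code: it parses such listing lines into records and flags .job files that show those traits. The heuristics are the example's own; the sample lines are copied from the OTL listing posted earlier in the thread (SCHEDLGU.TXT is the Task Scheduler's own log and is there as the benign control).

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample: the four C:\Windows\Tasks lines from the OTL listing
# posted in this thread. SCHEDLGU.TXT is the Task Scheduler's own log file;
# the three GUID-named .job files are the ones the fix script above removes.
SAMPLE_LISTING = r"""
[2012.03.06 16:34:18 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.06 17:36:59 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2012.03.06 17:55:01 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2012.03.03 20:23:01 | 000,000,238 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
"""

# One OTL file entry: "[date time | size | attrs | M] (company) -- path"
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
TASKS_DIR = "c:\\windows\\tasks\\"
GUID_JOB = re.compile(r"\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.job$", re.IGNORECASE)


@dataclass
class OtlEntry:
    modified: datetime
    size: int
    attrs: str      # four-character attribute field exactly as OTL prints it
    company: str    # contents of the parentheses; empty when OTL found no company name
    path: str

    @property
    def hidden(self) -> bool:
        # The hidden .job files in the listing show "-H--": an H marks the hidden attribute
        return "H" in self.attrs

    @property
    def is_task_job(self) -> bool:
        p = self.path.lower()
        return p.startswith(TASKS_DIR) and p.endswith(".job")


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one listing line; return None for lines that are not file entries."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        modified=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"].strip(),
        path=m["path"],
    )


def parse_otl_listing(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_otl_line, text.splitlines()) if e is not None]


def suspicious_task_jobs(entries: List[OtlEntry]) -> Dict[str, List[str]]:
    r"""Map each suspicious .job path to the reasons it was flagged.

    Heuristic, from the defender's side: a task file under C:\Windows\Tasks
    that is hidden, carries no company name, or is named only by a GUID is
    unusual for tasks created by installed software and deserves a look
    (or, as in this thread, a scanner verdict) before it is trusted.
    """
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        if not e.is_task_job:
            continue
        reasons = []
        if e.hidden:
            reasons.append("hidden attribute")
        if not e.company:
            reasons.append("no company name")
        if GUID_JOB.search(e.path):
            reasons.append("GUID-only file name")
        if reasons:
            flagged[e.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in suspicious_task_jobs(parse_otl_listing(SAMPLE_LISTING)).items():
        print(f"{path}: {', '.join(reasons)}")
```

Run against the sample, the script flags exactly the three .job files the fix script moves and leaves SCHEDLGU.TXT alone; against a full OTL report it is a quick way to pull the scheduled-task candidates out of several thousand lines before reading anything else.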

08.03.2012, 17:07   #9
peter_at

Here is the Malwarebytes log file:
Quote:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.07.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: HP_QUAD [Administrator]

08.03.2012 10:22:45
mbam-log-2012-03-08 (12-31-12)_.txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 455300
Laufzeit: 2 Stunde(n), 2 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5ueDxYLo-I543-1otK-kGTs-C9Y55G4HYphK} (Backdoor.Agent) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio 180 (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\6BTOP2GA8A (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\UO8KTAT1GY (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Keine Aktion durchgeführt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Windows\UNWISE.EXE (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Keine Aktion durchgeführt.

(Ende)
Here is the OTL file after the last fix.
Quote:
========== OTL ==========
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Admin
->Temp folder emptied: 4531230 bytes
->Temporary Internet Files folder emptied: 310731271 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 5984 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 301,00 mb


[EMPTYTEMP]

User: Admin
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 98304 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40313289 bytes

Total Files Cleaned = 39,00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 03082012_175416

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
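Reading a Malwarebytes log like the one above by hand is error-prone, and the detail that matters most is easy to skim past: every finding ends in "Keine Aktion durchgeführt." (no action taken), so nothing was actually removed, which is what the next reply asks about. The Python script below is an added example, not from this thread and not Malwarebytes' own code: it parses the German-language MBAM 1.60 log format shown above into findings, checks that the declared per-section counts match the items listed, and reports how many findings were left in place. The sample log is an excerpt of the one posted in this thread; the "no action" strings it recognises are the German one seen here and the English "No action taken."

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed excerpt of the Malwarebytes 1.60 log posted above: the header,
# the section lines, and the two sections that actually listed findings.
SAMPLE_MBAM_LOG = r"""Malwarebytes Anti-Malware 1.60.1.1000

Datenbank Version: v2012.03.07.05

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5ueDxYLo-I543-1otK-kGTs-C9Y55G4HYphK} (Backdoor.Agent) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio 180 (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\6BTOP2GA8A (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\UO8KTAT1GY (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Keine Aktion durchgeführt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Windows\UNWISE.EXE (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Keine Aktion durchgeführt.

(Ende)
"""

# "Infizierte <type>: <count>" opens a section of the German-language log.
SECTION = re.compile(r"^Infizierte (?P<label>[^:]+): (?P<count>\d+)\s*$")
# One finding: "<object> (<detection name>) -> <action taken>."
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
# Action strings meaning the finding is still present (German log as above, English builds).
NO_ACTION = ("keine aktion durchgeführt", "no action taken")


@dataclass
class Finding:
    section: str
    obj: str
    detection: str
    action: str

    @property
    def remediated(self) -> bool:
        return self.action.strip().lower() not in NO_ACTION


def parse_mbam_log(text: str) -> Tuple[List[Finding], Dict[str, int]]:
    """Return the listed findings and the per-section counts MBAM declared."""
    findings: List[Finding] = []
    declared: Dict[str, int] = {}
    section = None
    for line in text.splitlines():
        s = SECTION.match(line)
        if s:
            section = s["label"]
            declared[section] = int(s["count"])
            continue
        i = ITEM.match(line)
        if i and section is not None:
            findings.append(Finding(section, i["obj"], i["detection"], i["action"]))
    return findings, declared


def triage(text: str) -> Dict[str, object]:
    """Summarise a log the way a helper reading it would: what was found, whether
    the declared counts match the listed items, and how much is still untouched."""
    findings, declared = parse_mbam_log(text)
    per_section = Counter(f.section for f in findings)
    mismatched = [s for s, n in declared.items() if per_section.get(s, 0) != n]
    unremediated = [f for f in findings if not f.remediated]
    return {
        "findings": len(findings),
        "declared": sum(declared.values()),
        "counts_match": not mismatched,
        "by_detection": Counter(f.detection for f in findings),
        "unremediated": len(unremediated),
        "needs_rescan": bool(unremediated),  # findings left in place: update and scan again
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MBAM_LOG).items():
        print(f"{key}: {value}")
```

For the excerpt this reports 12 findings, all 12 unremediated and needs_rescan true; the same three .job files that OTL later moved appear among the Trojan.Downloader / Trojan.FakeAlert hits, so the two tools' views of the machine can be lined up.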

08.03.2012, 17:13   #10
markusg
/// Malware-holic

Did you let Malwarebytes remove the findings?
Do a
If not, please update and scan again.

08.03.2012, 22:35   #11
peter_at

Yes, I had Malwarebytes remove the findings. (I ran an update before the scan.)

09.03.2012, 10:32   #12
markusg
/// Malware-holic

Download the CCleaner Standard:
CCleaner Download - CCleaner 3.16.1666
If CCleaner is already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt, open it.
Behind each program you need, write "necessary".
Behind each one you do not need, "unnecessary".
Behind those unknown to you, "unknown".
Post the list.

10.03.2012, 00:28   #13
peter_at

Here is the list:
Quote:
Ad-Aware Lavasoft 27.11.2010 60,1MB necessary
Adobe Download Manager NOS Microsystems Ltd. 03.10.2009 0,37MB 1.6.2.48 necessary
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 22.09.2011 10.3.183.10 necessary
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 15.01.2010 10.0.42.34 necessary
Adobe Reader 9.1 - Deutsch Adobe Systems Incorporated 03.10.2009 234MB 9.1.0 necessary
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 13.02.2010 8,36MB 11.5.6.606 necessary
Ant Renamer Ant Software 27.04.2008 2,82MB 2.09.0 necessary
Apple Application Support Apple Inc. 24.01.2012 61,1MB 2.1.6 necessary
Apple Mobile Device Support Apple Inc. 24.01.2012 24,1MB 4.0.0.97 necessary
Apple Software Update Apple Inc. 22.09.2011 2,38MB 2.1.3.127 necessary
Audio Recorder Pro 3.70 26.09.2009 6,80MB necessary
Audiograbber 1.83 SE Audiograbber Deutschland 05.03.2010 1.83 SE necessary
Avira AntiVir Personal - Free Antivirus Avira GmbH 12.02.2012 74,1MB 10.2.0.707 necessary
Bonjour Apple Inc. 11.10.2011 0,92MB 3.0.0.10 unknown
CCleaner Piriform 08.03.2012 2,71MB 3.16 necessary
Citrix Online Plug-in - Web Citrix Systems, Inc. 23.07.2010 14,5MB 12.0.0.6410 necessary
Compatibility Pack für 2007 Office System Microsoft Corporation 26.03.2008 56,2MB 12.0.4518.1014 unknown
Creative Jukebox Driver 26.09.2009 0,73MB necessary
Creative NOMAD II Driver 26.09.2009 26,0MB necessary
CyberLink DVD Suite Deluxe CyberLink Corp. 02.04.2008 49,2MB 5.5.1126 necessary
DVD Decrypter (Remove Only) 27.04.2008 0,91MB necessary
Easy Thumbnails (Remove only) Fookes Software 27.04.2008 2,51MB 3.0 necessary
FileZilla Client 3.1.0.1 09.08.2008 12,9MB 3.1.0.1 necessary
Firebird SQL Server - MAGIX Edition MAGIX AG 11.05.2011 10,1MB 2.1.27.0 unknown
FLV Player 2.0 (build 25) Martijn de Visser 04.02.2011 1,95MB 2.0 (build 25) necessary
Free Audio CD Burner version 1.4 DVDVideoSoft Limited. 02.08.2010 3,09MB necessary
Free YouTube to MP3 Converter version 3.7 DVDVideoSoft Limited. 02.08.2010 3,37MB necessary
Google Chrome Google Inc. 24.12.2011 254MB 17.0.963.78 necessary
Google Earth Plug-in Google 17.11.2011 40,9MB 6.1.0.5001 necessary
Hardware Diagnose Tools PC-Doctor, Inc. 02.04.2008 142,8MB 5.1.4708.19 unknown
HDD Health v3.3 Beta 23.12.2008 2,50MB necessary
HijackThis 2.0.2 TrendMicro 26.09.2009 0,40MB 2.0.2 necessary
HP Active Support Library 26.03.2008 necessary
HP Customer Experience Enhancements Hewlett-Packard 26.03.2008 0,98MB 5.6.0.2499 necessary
HP Easy Setup - Frontend Hewlett-Packard 26.03.2008 1,98MB 5.6.0.2542 necessary
HP On-Screen Cap/Num/Scroll Lock Indicator Hewlett-Packard 02.04.2008 necessary
HP Photosmart Essential 2.5 HP 02.04.2008 3,21MB 2.5 necessary
HP Total Care Advisor Hewlett-Packard 26.03.2008 30,3MB 1.6.12.2542 necessary
HP Update Hewlett-Packard 26.03.2008 3,52MB 4.000.007.003 necessary
iCloud Apple Inc. 24.01.2012 22,4MB 1.0.2.17 necessary
Intel(R) Matrix Storage Manager 02.04.2008 3,77MB necessary
iTunes Apple Inc. 24.01.2012 169,7MB 10.5.3.3 necessary
Java(TM) 6 Update 31 Oracle 06.03.2012 95,1MB 6.0.310 necessary
Java(TM) SE Runtime Environment 6 Update 1 Sun Microsystems, Inc. 26.03.2008 167,3MB 1.6.0.10 necessary
LabelPrint CyberLink Corp. 02.04.2008 204MB 2.2.2329 necessary
LightScribe System Software 1.14.17.1 LightScribe 29.12.2008 21,0MB 1.14.17.1 necessary
MAGIX Audio Cleaning Lab 15 deluxe Download version 10.0.2.0 (UK) MAGIX AG 26.09.2009 190,1MB 10.0.2.0 necessary
MAGIX Screenshare MAGIX AG 11.05.2011 1,43MB 4.3.6.1987 necessary
MAGIX Screenshare 4.3.6.1987 (UK) MAGIX AG 26.09.2009 1,86MB 4.3.6.1987 necessary
MAGIX Speed burnR (MSI) MAGIX AG 11.05.2011 53,3MB 7.0.1.27 necessary
Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 06.03.2012 3,99MB 1.60.1.1000 necessary
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 08.03.2009 37,0MB necessary
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 14.02.2009 37,0MB necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 05.03.2012 120,3MB 4.0.30319 necessary
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 26.03.2008 89,0MB 12.0.4518.1014 necessary
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.04.2010 0,33MB 8.0.59193 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 18.03.2009 0,58MB 9.0.30729 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 16.04.2010 0,58MB 9.0.30729.4148 necessary
Microsoft Works Microsoft Corporation 26.03.2008 9.7.0621 necessary
MiPony 1.2.3 11.05.2011 7,80MB 1.2.3 necessary
MobileMe Control Panel Apple Inc. 24.01.2012 12,9MB 3.1.8.0 unknown
Mozilla Firefox (3.5.7) Mozilla 15.01.2010 30,7MB 3.5.7 (de) necessary
Mozilla Firefox 4.0b8 (x86 de) Mozilla 24.12.2010 27,8MB 4.0b8 necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 09.01.2009 1,28MB 4.20.9870.0 necessary
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 21.08.2011 1,34MB 4.20.9876.0 necessary
Nero 9 Nero AG 29.12.2008 1.123MB necessary
NVIDIA Drivers 01.03.2009 necessary
OpenOffice.org 2.4 OpenOffice.org 27.04.2008 328MB 2.4.9286 necessary
Optimierte Multimedia-Tastatur-Lösung Hewlett-Packard 02.04.2008 6,85MB unknown
Power2Go CyberLink Corp. 02.04.2008 137,0MB 5.6.3610 unnecessary
PowerDirector CyberLink Corp. 26.03.2008 325MB 6.5.2420 unnecessary
QuickTime Apple Inc. 24.01.2012 73,3MB 7.71.80.42 necessary
RealPlayer RealNetworks 01.08.2008 45,0MB necessary
Realtek High Definition Audio Driver 26.03.2008 necessary
SmartFTP Client SmartSoft 09.08.2008 17,7MB 3.0.1014.6 necessary
SmartFTP Client 3.0 Setup Files (remove only) SmartSoft 27.04.2008 7,78MB 3.0 necessary
Text-To-Speech-Runtime Magix Development GmbH 11.05.2011 0,25MB 1.0.0.0 unknown
TomTom HOME 2.6.2.1586 TomTom 31.07.2009 46,9MB 2.6.2.1586 necessary
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 31.07.2009 1,88MB 1.0.2 necessary
Uninstall 1.0.0.1 02.08.2010 30,7MB unknown
VideoLAN VLC media player 0.8.6f VideoLAN Team 27.04.2008 32,6MB 0.8.6f necessary
VueScan 24.05.2008 22,3MB necessary
Winamp Nullsoft, Inc 27.04.2008 28,1MB 5.531 necessary
Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8) Nokia 09.08.2008 43,2MB 05/22/2008 3.8 unnecessary
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) Nokia 15.09.2008 56,7MB 10/12/2007 6.85.4.0 unnecessary
WinISO 5.3 WinISO Computing Inc. 28.10.2008 1,16MB necessary
WinRAR 27.04.2008 3,66MB necessary

10.03.2012, 15:39   #14
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically.
It is always better to save them directly, since only then do you keep control over what happens on the PC.
Under JavaScript, untick "Use JavaScript".
Under Updater, choose "Install automatically".
Apply / OK

Uninstall:
HijackThis is of only limited use under Vista and Win7, get rid of it.

Java(TM) SE Runtime Environment 6 Update 1

Upgrade Firefox:
Firefox web browser in German | Faster, safer and customisable
Uninstall the old versions.
OpenOffice:
OpenOffice.org: Home page (German)
Please install the current version 3.

Uninstall:
Power2Go
PowerDirector
VideoLAN VLC
VideoLAN - Official page for VLC media player, the Open Source video framework!
Download and install the current version 2.

Open OTL, Cleanup, restart.
Open CCleaner, Analyze, Clean, restart, test how the PC runs.
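Of the Adobe Reader settings in the reply above, the JavaScript switch is the one that matters most against PDF-borne droppers, and it can be verified without opening the GUI: Reader stores the preference as the DWORD bEnableJS under HKCU\Software\Adobe\Acrobat Reader\<version>\JSPrefs, and an administrator can force it off for every user with bDisableJavaScript under HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\<version>\FeatureLockDown. The Python script below is an added example, not part of this thread and not Adobe's tooling; it assumes the "9.0" version subkey (the program list above shows Adobe Reader 9.1), reads the live registry only when run on Windows, and takes an injectable reader so the decision logic can be exercised with constructed values on any host.

```python
from typing import Callable, Dict, Optional, Tuple

# Registry locations Adobe documents for Reader's JavaScript preference.
# READER_VERSION = "9.0" is an assumption taken from the Adobe Reader 9.1 entry
# in the program list; use the major version that is actually installed.
READER_VERSION = "9.0"
USER_JS_KEY = "Software\\Adobe\\Acrobat Reader\\" + READER_VERSION + "\\JSPrefs"                 # HKCU, DWORD bEnableJS
LOCKDOWN_KEY = "SOFTWARE\\Policies\\Adobe\\Acrobat Reader\\" + READER_VERSION + "\\FeatureLockDown"  # HKLM, DWORD bDisableJavaScript

# A registry reader maps (hive, subkey, value name) to the DWORD, or None when absent.
RegReader = Callable[[str, str, str], Optional[int]]


def winreg_reader(hive: str, subkey: str, name: str) -> Optional[int]:
    """Read a DWORD from the live registry; usable only on Windows."""
    import winreg  # imported here so the audit logic below also loads on non-Windows hosts
    root = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}[hive]
    try:
        with winreg.OpenKey(root, subkey) as key:
            value, _ = winreg.QueryValueEx(key, name)
            return int(value)
    except OSError:  # key or value does not exist
        return None


def dict_reader(values: Dict[Tuple[str, str, str], int]) -> RegReader:
    """Reader over constructed values, for tests or for auditing exported hive data offline."""
    return lambda hive, subkey, name: values.get((hive, subkey, name))


def audit_reader_javascript(read: RegReader = winreg_reader) -> Dict[str, object]:
    """Decide whether Reader's JavaScript is effectively off and name the setting that decides it.

    Precedence: the HKLM FeatureLockDown policy overrides the per-user preference;
    with neither value present, Reader's default is JavaScript enabled.
    """
    locked = read("HKLM", LOCKDOWN_KEY, "bDisableJavaScript")
    user = read("HKCU", USER_JS_KEY, "bEnableJS")
    if locked == 1:
        return {"javascript_disabled": True, "source": "FeatureLockDown\\bDisableJavaScript=1 (policy)"}
    if user == 0:
        return {"javascript_disabled": True, "source": "JSPrefs\\bEnableJS=0 (user preference)"}
    if user is None:
        return {"javascript_disabled": False, "source": "bEnableJS not set; Reader default is enabled"}
    return {"javascript_disabled": False, "source": "JSPrefs\\bEnableJS=1 (user preference)"}


if __name__ == "__main__":
    try:
        print(audit_reader_javascript())
    except ImportError:
        print("live registry audit needs Windows; exercise the logic with dict_reader() elsewhere")
```

On the machine in this thread the expected result after following the reply is bEnableJS=0 under the user's JSPrefs key; the FeatureLockDown branch is what a domain administrator would set so that the user cannot tick the box back on.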

11.03.2012, 17:02   #15
peter_at

I have now done everything as you described and the PC runs flawlessly.

What else can you recommend for virus protection?
