
Log Analysis and Evaluation: Caught a Bundestrojaner


18.06.2013, 14:49   #1
olebowle
 

Caught a Bundestrojaner



Hello dear helper team.
I've apparently caught a Bundestrojaner.
After nothing worked any more and only the page telling me to pay 100 euros and so on came up, I downloaded the Windows Unlocker from Kaspersky, then booted from a USB stick. Everything worked again. I ran Antivir, which found coolwwwsearchCtfmon1.zip. Malwarebytes found nothing and neither did Spybot.
Since I have quite a lot of important data on the laptop, I'd rather not format.

Thanks in advance

18.06.2013, 14:56   #2
t'john
/// Helper Team
 

Caught a Bundestrojaner





Create the Antivir log like this: http://www.trojaner-board.de/125889-...en-posten.html



System scan with OTL (illustrated guide)

Please download OTL by OldTimer and save it to your desktop (if it is not there already). Double-click OTL.exe

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread.

18.06.2013, 20:31   #3
olebowle
 

Caught a Bundestrojaner



Hi t'john

Thanks again

Avira log file

Exported events:

18/06/2013 20:49 [System Scanner] Malware found
The file
'C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb37ca9-5a9617a7'
contained a virus or unwanted program 'JAVA/Dldr.Dermit.GX' [virus].
Action(s) taken:
The file was ignored.

18/06/2013 14:07 [System Scanner] Malware found
The file 'C:\ProgramData\Spybot - Search & Destroy\Recovery\CoolWWWSearchCtfmon1.zip'
contained a virus or unwanted program 'GEN/PwdZIP' [heuristic].
Action(s) taken:
The detection was classified as suspicious.
The file was moved to the quarantine directory under the name '5512d2ab.qua'!

18/06/2013 14:06 [Real-Time Scanner] Malware found
In the file 'C:\ProgramData\Spybot - Search & Destroy\Recovery\CoolWWWSearchCtfmon1.zip'
a virus or unwanted program 'GEN/PwdZIP' [heuristic] was found.
Action taken: Passed to scanner

18/06/2013 14:06 [Real-Time Scanner] Malware found
In the file 'C:\ProgramData\Spybot - Search & Destroy\Recovery\CoolWWWSearchCtfmon1.zip'
a virus or unwanted program 'GEN/PwdZIP' [heuristic] was found.
Action taken: Access denied





And the OTL log file:
Code:
OTL logfile created on: 18/06/2013 21:18:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\olebowle\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.99 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.49% Memory free
6.19 Gb Paging File | 5.02 Gb Available in Paging File | 81.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.54 Gb Total Space | 70.98 Gb Free Space | 49.80% Space Free | Partition Type: NTFS
Drive D: | 142.54 Gb Total Space | 133.54 Gb Free Space | 93.68% Space Free | Partition Type: NTFS
Drive F: | 980.72 Mb Total Space | 671.77 Mb Free Space | 68.50% Space Free | Partition Type: FAT
 
Computer Name: OLEBOWLE-PC | User Name: olebowle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\olebowle\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Verbindungsassistent\WTGService.exe ()
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Users\olebowle\AppData\Roaming\Mobile Partner\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Notepad++\NppShell_05.dll ()
MOD - C:\Windows\PLFSetI.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (Winmgmt) -- C:\ProgramData\birido.dat (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WTGService) -- C:\Program Files\Verbindungsassistent\WTGService.exe ()
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MobilityService) -- C:\ACER\Mobility Center\MobilityService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (a6hwntb2) --  File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (ewsercd) -- C:\Windows\System32\drivers\ewsercd.sys (Huawei Technologies Co., Ltd.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_bus) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (A5AGU) -- C:\Windows\System32\drivers\AGUx86.sys (D-Link Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7730g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7730g
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7730g
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7730g
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {533345A8-F4AF-455A-B5C6-42BC0664B827}
IE - HKU\.DEFAULT\..\SearchScopes\{533345A8-F4AF-455A-B5C6-42BC0664B827}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7730g
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7730g
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {533345A8-F4AF-455A-B5C6-42BC0664B827}
IE - HKU\S-1-5-18\..\SearchScopes\{533345A8-F4AF-455A-B5C6-42BC0664B827}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7730g
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\..\SearchScopes\{57984F6D-7861-4977-AD48-E9A31B8D2F11}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_en___DE393
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.80.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\olebowle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2010/12/02 14:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\olebowle\AppData\Roaming\Mozilla\Extensions
[2010/12/02 14:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\olebowle\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013/05/21 11:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\olebowle\AppData\Roaming\Mozilla\Firefox\Profiles\te9cl4sl.default\extensions
[2013/01/02 22:49:52 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\olebowle\AppData\Roaming\Mozilla\Firefox\Profiles\te9cl4sl.default\extensions\battlefieldplay4free@ea.com
[2013/04/10 21:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\olebowle\AppData\Roaming\Mozilla\SeaMonkey\Profiles\a4wmpzsa.default\extensions
[2013/04/10 21:38:35 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\olebowle\AppData\Roaming\Mozilla\SeaMonkey\Profiles\a4wmpzsa.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013/05/21 11:24:23 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\olebowle\AppData\Roaming\Mozilla\Firefox\Profiles\te9cl4sl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/25 19:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/25 19:33:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\olebowle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\olebowle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\olebowle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000..\Run: [ctfmon32.exe] C:\ProgramData\birido.dat (Microsoft Corporation)
O4 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000..\Run: [HW_OPENEYE_OUC_Mobile Partner] C:\Program Files\Mobile Partner\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1003..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1003..\RunOnce: [AcerScrSav] C:\Windows\ACER\run_NB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0330D446-2A5F-41F3-AB17-26E9B46AF093}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04AEA37E-497E-49F3-A1B0-3FD56130A337}: DhcpNameServer = 194.151.228.34 194.151.228.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A007671-3A50-4BAD-A62F-CD454CAF6B04}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25229ADE-7D40-4227-B2BE-37A5598AFECB}: DhcpNameServer = 62.133.126.28 62.133.126.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{535F4F05-E38E-4803-A46D-173542307F8C}: DhcpNameServer = 62.133.126.28 62.133.126.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83E816C3-B677-45F3-BB74-96FD0C873463}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E271686C-CBD6-4E18-96E4-5A5BB31A7538}: DhcpNameServer = 62.133.126.28 62.133.126.29
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\olebowle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\olebowle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00996a1a-40f2-11e0-aa6e-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{00996a1a-40f2-11e0-aa6e-00238b7dd409}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{00996a4f-40f2-11e0-aa6e-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{00996a4f-40f2-11e0-aa6e-001e101fb45e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{12fad846-94e7-11e0-a77b-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{12fad846-94e7-11e0-a77b-00238b7dd409}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{256752c4-b6aa-11df-8f8a-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{256752c4-b6aa-11df-8f8a-00238b7dd409}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{35b7de2c-bb45-11df-a840-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{35b7de2c-bb45-11df-a840-00238b7dd409}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{35b7de2d-bb45-11df-a840-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{35b7de2d-bb45-11df-a840-00238b7dd409}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4962b907-37b7-11e0-b1e5-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{4962b907-37b7-11e0-b1e5-00238b7dd409}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4962b909-37b7-11e0-b1e5-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{4962b909-37b7-11e0-b1e5-00238b7dd409}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{577b5d27-3ab6-11e0-ae47-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{577b5d27-3ab6-11e0-ae47-00238b7dd409}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{577b5d3a-3ab6-11e0-ae47-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{577b5d3a-3ab6-11e0-ae47-00238b7dd409}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6f7cac3d-731a-11e0-a77f-001e101f82a7}\Shell - "" = AutoRun
O33 - MountPoints2\{6f7cac3d-731a-11e0-a77f-001e101f82a7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{83a72d71-7be1-11e0-85c2-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{83a72d71-7be1-11e0-85c2-00a0c6000000}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{87a8028a-4b34-11e0-a204-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{87a8028a-4b34-11e0-a204-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e1a2f4be-2d4c-11e0-a367-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{e1a2f4be-2d4c-11e0-a367-00238b7dd409}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/18 15:45:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/06/18 11:58:11 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\birido.dat
[2013/06/13 17:22:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/13 17:22:55 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/13 17:22:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/13 17:22:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/06/13 17:22:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/13 17:22:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/13 17:22:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/06/13 17:22:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/06/12 12:02:27 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013/06/12 12:02:14 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/06/12 12:02:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/06/12 12:02:09 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/06/12 12:02:09 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/06/06 14:04:37 | 000,000,000 | ---D | C] -- C:\Users\olebowle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy
[2013/05/25 19:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/09 15:24:55 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr80.dll
[2012/01/09 15:24:55 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp80.dll
[2003/09/10 20:51:38 | 001,626,172 | ---- | C] (Albert L Faber) -- C:\Program Files\CDex.exe
[2003/09/10 20:48:56 | 000,083,456 | ---- | C] (Albert L Faber) -- C:\Program Files\CDRip.dll
[2002/08/07 22:07:22 | 000,071,680 | ---- | C] (Matthew T. Ashland) -- C:\Program Files\MACDll.dll
[2002/04/20 13:07:30 | 000,069,632 | ---- | C] (Illustrate) -- C:\Program Files\WMA8Connect.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/18 21:04:25 | 000,000,852 | ---- | M] () -- C:\Users\olebowle\Desktop\OTL.lnk
[2013/06/18 20:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/18 20:40:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065798087-2607588636-1036883106-1001UA.job
[2013/06/18 19:25:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/18 19:25:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/18 19:25:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/18 19:25:21 | 3215,843,328 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/18 19:17:30 | 095,023,320 | ---- | M] () -- C:\ProgramData\odirib.pad
[2013/06/18 15:45:07 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/06/18 15:03:27 | 000,009,258 | ---- | M] () -- C:\Users\olebowle\Documents\cc_20130618_150321.reg
[2013/06/18 11:58:53 | 000,000,870 | ---- | M] () -- C:\Users\olebowle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013/06/18 11:58:30 | 000,002,670 | ---- | M] () -- C:\ProgramData\odirib.js
[2013/06/18 11:58:11 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\birido.dat
[2013/06/18 11:03:16 | 000,605,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/18 11:03:16 | 000,108,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/18 06:57:36 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/12 09:56:08 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/12 09:56:08 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/09 16:39:59 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065798087-2607588636-1036883106-1001Core.job
[2013/06/06 14:16:51 | 000,002,573 | ---- | M] () -- C:\Users\olebowle\Desktop\ICM Trainer.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/18 21:04:25 | 000,000,852 | ---- | C] () -- C:\Users\olebowle\Desktop\OTL.lnk
[2013/06/18 19:25:21 | 3215,843,328 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/18 15:03:24 | 000,009,258 | ---- | C] () -- C:\Users\olebowle\Documents\cc_20130618_150321.reg
[2013/06/18 11:58:53 | 000,000,870 | ---- | C] () -- C:\Users\olebowle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013/06/18 11:58:30 | 000,002,670 | ---- | C] () -- C:\ProgramData\odirib.js
[2013/06/18 11:58:28 | 095,023,320 | ---- | C] () -- C:\ProgramData\odirib.pad
[2013/06/06 14:04:37 | 000,002,573 | ---- | C] () -- C:\Users\olebowle\Desktop\ICM Trainer.lnk
[2013/02/23 22:58:37 | 021,748,128 | ---- | C] () -- C:\Users\olebowle\AppData\Local\TempFullTiltPokerEuSetup.exe
[2012/10/23 19:52:11 | 000,003,516 | ---- | C] () -- C:\Program Files\Default.prf.ini
[2012/10/14 17:46:56 | 000,024,206 | ---- | C] () -- C:\Users\olebowle\AppData\Roaming\UserTile.png
[2012/08/13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2012/08/13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files\openofficeorg341.msi
[2012/08/13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe
[2012/08/13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files\setup.ini
[2012/03/02 17:17:56 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/01/09 15:24:55 | 006,438,912 | ---- | C] () -- C:\Program Files\QtGui4.dll
[2012/01/09 15:24:55 | 001,581,056 | ---- | C] () -- C:\Program Files\QtCore4.dll
[2012/01/09 15:24:55 | 000,536,576 | ---- | C] () -- C:\Program Files\QtSql4.dll
[2012/01/09 15:24:55 | 000,516,096 | ---- | C] () -- C:\Program Files\ohc.exe
[2012/01/09 15:24:55 | 000,356,352 | ---- | C] () -- C:\Program Files\QtXml4.dll
[2012/01/09 15:24:55 | 000,348,160 | ---- | C] () -- C:\Program Files\QtNetwork4.dll
[2012/01/09 15:24:55 | 000,106,496 | ---- | C] () -- C:\Program Files\libpq.dll
[2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/07/17 12:00:07 | 000,001,633 | ---- | C] () -- C:\Windows\wininit.ini
[2011/01/16 10:28:32 | 000,000,090 | ---- | C] () -- C:\Users\olebowle\AppData\Roaming\wklnhst.dat
[2010/12/30 17:29:37 | 000,004,997 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010/11/29 19:50:10 | 000,000,632 | RHS- | C] () -- C:\Users\olebowle\ntuser.pol
[2010/09/07 19:13:02 | 000,138,056 | ---- | C] () -- C:\Users\olebowle\AppData\Roaming\PnkBstrK.sys
[2010/08/18 22:36:10 | 000,017,408 | ---- | C] () -- C:\Users\olebowle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 22:24:03 | 000,048,668 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/18 22:20:15 | 000,048,668 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/08/18 21:35:23 | 000,000,680 | ---- | C] () -- C:\Users\olebowle\AppData\Local\d3d9caps.dat
[2003/09/10 20:49:34 | 000,096,768 | ---- | C] ( ) -- C:\Program Files\libsndfile.dll
[2001/07/15 23:14:12 | 000,003,516 | ---- | C] () -- C:\Program Files\CDex.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009/01/09 23:38:15 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Acer GameZone Console
[2013/01/10 17:02:04 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\APP_NAME_NON_STRING
[2010/10/30 16:21:31 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Canneverbe Limited
[2010/09/06 17:21:59 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/12 20:33:17 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\DAEMON Tools Lite
[2010/11/15 15:51:27 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2013/02/15 14:57:17 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\DVDVideoSoft
[2013/02/15 14:54:15 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/03/01 16:49:48 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Epson
[2012/11/11 22:24:21 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\GlarySoft
[2011/06/26 14:34:35 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\HEM Data
[2011/03/17 22:15:54 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\HoldemManager
[2013/06/17 19:57:29 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Microgaming
[2011/03/12 23:45:03 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Mobile Partner
[2013/03/26 15:46:00 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Notepad++
[2012/02/09 15:27:38 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\OpenOffice.org
[2013/03/28 16:51:33 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Opera
[2012/10/04 21:16:43 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Party
[2012/11/22 17:21:55 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\PCCUStubInstaller
[2013/01/11 15:56:05 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\PDF Architect
[2013/02/22 15:52:27 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\pdfforge
[2012/10/14 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\PeerNetworking
[2012/07/24 10:21:29 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Philipp Winterberg
[2010/10/04 19:34:19 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Propellerhead Software
[2011/03/19 22:10:20 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Roaming
[2011/12/20 15:56:38 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Samsung
[2011/12/20 16:28:55 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Temp
[2011/01/16 10:29:03 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Template
[2011/12/17 18:16:50 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Thunderbird
[2010/12/02 14:40:20 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\TomTom
[2011/03/24 14:30:04 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\uTorrent
[2012/04/12 18:13:45 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Verbindungsassistent
[2010/09/02 17:59:43 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Vodafone
[2012/08/06 21:17:46 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---



OTL Logfile:
Code:
OTL Extras logfile created on: 18/06/2013 21:18:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\olebowle\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.99 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.49% Memory free
6.19 Gb Paging File | 5.02 Gb Available in Paging File | 81.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.54 Gb Total Space | 70.98 Gb Free Space | 49.80% Space Free | Partition Type: NTFS
Drive D: | 142.54 Gb Total Space | 133.54 Gb Free Space | 93.68% Space Free | Partition Type: NTFS
Drive F: | 980.72 Mb Total Space | 671.77 Mb Free Space | 68.50% Space Free | Partition Type: FAT
 
Computer Name: OLEBOWLE-PC | User Name: olebowle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3065798087-2607588636-1036883106-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014D938E-9917-4436-95CC-4B1CDA97096B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{121EF7AB-0FBA-4DA2-99F0-ECCA8F064CC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{407BD833-AC24-40B0-A909-07701F7AC98C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4223A72A-11C0-4CFC-8246-036634E9A1B3}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{471672B3-48AB-4AB3-8799-B2DAEE145160}" = lport=137 | protocol=17 | dir=in | app=system | 
"{49CC6845-746F-4D04-A7CA-B8495F03F980}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{504C76EE-3148-49CA-A778-9F14C1281B0E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{526BD496-3CE9-40CC-A31E-E906124ACA13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5E1B0F66-2E6F-4CFB-BDC5-4F53F767A609}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{754838B1-D554-4012-8ACD-FC097272E95A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7EB39CF1-94EF-44DA-8E1C-91DDD98A9836}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{99BBB3ED-5094-41B0-A775-D365B95E87C7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9C4DB353-63C9-42AB-8F8D-2B9FF14FF7E4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B19B6744-D726-4136-AE68-409901E93C82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C3ECE180-4540-4619-8A1D-D6DE373C03A1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CC64ACFC-D78D-4651-9656-81EF54117E71}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DC427D93-0B37-48D4-A97A-5B6565919D4F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DED4F147-0A4A-40A8-8A3B-20DF21F53716}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E20F0B2E-654E-4F22-83EA-86CD70F0FAC0}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0464C4F1-298A-4CCA-9746-FF4396F2A6AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3054E346-0D02-444D-AECA-088E8B6B3C16}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{3B3E5E85-B7F1-4014-97FB-E1742FCB91E0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3B3FCC52-AC5E-44B7-9655-00046FDD8887}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4B85D961-CBC8-4CC1-AD23-1C3671C65C49}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{561852CF-CB76-4D47-9E54-AFD0D8270E4B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{70EC3706-55D8-4380-8110-962700E3B273}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7E6A83FA-FE85-4CA4-9C00-6851E7335C65}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{905C8335-C266-4306-83D2-78ACECC1E4BC}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{9FF25D41-5FF8-4508-9EF1-470CA6AA589A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{C581D9EE-55F7-453F-BA1F-0B3C62847001}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D130F18C-8884-45CF-9AD0-9D680ADC3008}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D1981763-5E20-4688-B744-B64CE9367159}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D2505365-950E-4210-9952-A68725338CC0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E13B6ADB-8996-426B-A357-C3F18D4311E3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F11C6F0B-87E9-4FE4-9CD3-EC0E8BB8AB88}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{F2FC6687-9653-46B3-B497-94D2E2C18F83}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"TCP Query User{0E82A74A-21F5-4F8A-B18B-1AB20888B1CC}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{C60F31EC-605E-4282-AAB1-91DAC6D1DF36}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{D40721DC-67E2-4F6B-86FA-B169C67B971D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{488B1C0C-0F00-4ADE-B237-67122BB1A942}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{7B6CBFD9-E9ED-4499-ABA2-8C1AEA3DB8F1}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{7D836694-72A2-4673-BF0E-C6A0B70B4DF8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}" = Full Tilt Poker.Eu
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{38B746B5-44EE-4FFA-B987-581B5CF4A097}" = PokerStrategy.com Equilab - Omaha
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D09F48-CDAB-4B4C-8806-F6C16F17935A}" = PokerStrategy.com Equilab
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"24hPoker (Poker)" = 24hPoker
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"EPSON SX125 Series Manual" = EPSON SX125 Series Manual
"Everest Casino" = Everest Casino (Remove Only)
"EverestPoker.com" = EverestPoker.com
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"GridVista" = Acer GridVista
"HoldemManager" = Holdem Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PKR" = PKR
"PostgreSQL 8.4" = PostgreSQL 8.4
"sl.GameLauncher" = sl.GameLauncher
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 2.0.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18/06/2013 07:40:21 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 13:40:20 CESTFATAL:  the database system is starting up

 
Error - 18/06/2013 07:46:38 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 13:46:38 CESTFATAL:  the database system is starting up

 
Error - 18/06/2013 09:44:58 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 15:44:58 CESTFATAL:  the database system is starting up

 
Error - 18/06/2013 11:37:46 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 17:37:46 CESTFATAL:  the database system is starting up

 
Error - 18/06/2013 11:44:30 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 17:44:30 CESTFATAL:  the database system is starting up

 
Error - 18/06/2013 12:27:49 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 18:27:49 CESTFATAL:  the database system is starting up

 
Error - 18/06/2013 12:51:23 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 18:51:23 CESTFATAL:  the database system is starting up

 
Error - 18/06/2013 13:01:24 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 19:01:24 CESTFATAL:  the database system is starting up

 
Error - 18/06/2013 13:07:57 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 19:07:57 CESTFATAL:  the database system is starting up

 
Error - 18/06/2013 13:17:13 | Computer Name = olebowle-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 18/06/2013 13:25:40 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 19:25:40 CESTFATAL:  the database system is starting up

 
[ Media Center Events ]
Error - 15/02/2011 12:58:38 | Computer Name = olebowle-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
 returned 10000105  Process: DefaultDomain Object Name: Media Center Guide 
 
Error - 15/08/2011 06:42:15 | Computer Name = olebowle-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
 try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
  Process: DefaultDomain Object Name: Media Center Guide 
 
Error - 23/10/2012 13:31:43 | Computer Name = olebowle-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
 returned 10000105  Process: DefaultDomain Object Name: Media Center Guide 
 
[ System Events ]
Error - 18/06/2013 13:02:10 | Computer Name = olebowle-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18/06/2013 13:08:43 | Computer Name = olebowle-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18/06/2013 13:16:11 | Computer Name = olebowle-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
 
Error - 18/06/2013 13:17:01 | Computer Name = olebowle-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 18/06/2013 13:17:13 | Computer Name = olebowle-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 18/06/2013 13:17:15 | Computer Name = olebowle-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 18/06/2013 13:17:15 | Computer Name = olebowle-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 18/06/2013 13:17:15 | Computer Name = olebowle-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 18/06/2013 13:17:38 | Computer Name = olebowle-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 18/06/2013 13:26:30 | Computer Name = olebowle-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---
__________________

19.06.2013, 07:22   #4
t'john
/// Helper Team

Caught a Bundestrojaner


The cleanup consists of several steps that must be carried out.
Work through them one after the other and please paste the 3 logs that are produced along the way into your next reply.

If the OTL fix did not run through properly, do not continue, but please report it.

Step 1

Fix with OTL

Download OTL by Oldtimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:
  • The fix begins with :OTL. Make sure you have copied it correctly.


Code:
:OTL

O4 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000..\Run: [ctfmon32.exe] C:\ProgramData\birido.dat (Microsoft Corporation) 
[2013/06/18 15:45:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe 
[2013/06/18 11:58:11 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\birido.dat 
[2013/06/18 19:17:30 | 095,023,320 | ---- | M] () -- C:\ProgramData\odirib.pad 
[2013/06/18 11:58:53 | 000,000,870 | ---- | M] () -- C:\Users\olebowle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk 
[2013/06/18 11:58:30 | 000,002,670 | ---- | M] () -- C:\ProgramData\odirib.js 
[2013/02/23 22:58:37 | 021,748,128 | ---- | C] () -- C:\Users\olebowle\AppData\Local\TempFullTiltPokerEuSetup.exe 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\olebowle\*.tmp
C:\Users\olebowle\AppData\*.dll
C:\Users\olebowle\AppData\*.exe
C:\Users\olebowle\AppData\Local\Temp\*.exe
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, allow it.
  • Copy the contents of the logfile into your thread in code tags.
    You can also view the logfile afterwards at => C:\_OTL\MovedFiles\<date_number.log>

Note for other readers: the OTL script above was written exclusively for this user in this situation.
Never run it on other computers; it can permanently damage other systems!



Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM logfile here.
  • Add the contents of mbam.txt to your next reply.



afterwards:

Step 3
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________
Regards, t'john
Support the TB

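The OTL fix above targets one persistence pattern: a Run value under the user's SID whose name (ctfmon32.exe) imitates a Windows binary but points at C:\ProgramData\birido.dat, a copy of rundll32.exe outside System32, and a Startup-folder shortcut (regmonstd.lnk) written seconds after the .dat and .js files were dropped. The Python below is an added example, not code from this thread or from OTL: it reads OTL-style O4 autorun lines and file-listing lines and flags exactly those indicators. The sample input is constructed from the lines quoted in the fix plus one made-up benign Run entry (avgnt) as a control; the list of imitated binary names, the 60-second correlation window and the function names are my assumptions.

```python
"""Flag Reveton-style autorun persistence in OTL-style scan output.

Added example, not code from this thread or from OTL. SAMPLE is constructed
from the O4 and file-list lines quoted in the fix above plus one made-up
benign Run entry (avgnt) as a control.
"""
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumption: Windows binary names that lock-screen droppers like to imitate
# (the fix above removes a Run value called ctfmon32.exe and a stray rundll32.exe).
MIMICKED_NAMES = ("ctfmon", "rundll32", "svchost", "explorer", "csrss", "lsass")
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".cmd", ".bat"}

# O4 - <hive>\Run: [<value name>] <target path> (<vendor>)
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \((?P<vendor>[^)]*)\))?$"
)
# [<timestamp> | <size> | <attrs> | C|M] (<vendor>) -- <path>
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| \S+ \| [CM]\] "
    r"\((?P<vendor>[^)]*)\) -- (?P<path>.+)$"
)

SAMPLE = r"""
O4 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000..\Run: [ctfmon32.exe] C:\ProgramData\birido.dat (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira)
[2013/06/18 15:45:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/06/18 11:58:11 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\birido.dat
[2013/06/18 11:58:53 | 000,000,870 | ---- | M] () -- C:\Users\olebowle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013/06/18 11:58:30 | 000,002,670 | ---- | M] () -- C:\ProgramData\odirib.js
"""


def _mimics_windows_binary(stem: str) -> bool:
    return any(stem.startswith(n) for n in MIMICKED_NAMES)


def _under_windows(path: str) -> bool:
    return path.lower().startswith("c:\\windows\\")


def analyze(text: str, window: timedelta = timedelta(seconds=60)) -> list:
    """Return (path, reason) findings for the OTL lines in text."""
    findings, dropped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            path = m["path"]
            target = PureWindowsPath(path)
            value = PureWindowsPath(m["name"]).stem.lower()
            if target.suffix.lower() not in EXECUTABLE_EXTS:
                findings.append((path, f"Run value [{m['name']}] targets non-executable extension '{target.suffix}'"))
            if _mimics_windows_binary(value) and not _under_windows(path):
                findings.append((path, f"Run value [{m['name']}] imitates a Windows binary but targets a file outside C:\\Windows"))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m["path"]
            dropped.append((datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"), path))
            p = PureWindowsPath(path)
            if p.suffix.lower() == ".exe" and _mimics_windows_binary(p.stem.lower()) and not _under_windows(path):
                findings.append((path, f"copy of Windows binary {p.name} outside C:\\Windows"))
    # A Startup-folder shortcut created or modified within `window` of other new files
    # is the lock-screen dropper footprint: the .lnk relaunches the payload at logon.
    for ts, path in dropped:
        low = path.lower()
        if not (low.endswith(".lnk") and "\\startup\\" in low):
            continue
        for other_ts, other in dropped:
            if other != path and abs(other_ts - ts) <= window:
                findings.append((path, f"Startup shortcut written within {int(window.total_seconds())}s of {other}"))
    return findings


def flagged_paths(text: str) -> list:
    """Distinct paths with at least one finding, sorted."""
    return sorted({path for path, _ in analyze(text)})


if __name__ == "__main__":
    for path, reason in analyze(SAMPLE):
        print(f"{path}\n    {reason}")
```

On the sample, birido.dat is flagged twice (non-executable extension loaded from a Run value, and a value name imitating ctfmon), the stray rundll32.exe once, and regmonstd.lnk twice (written within a minute of birido.dat and odirib.js); the avgnt control produces nothing. Feed it the OTL.txt of a real scan to get the same list for that machine.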
19.06.2013, 09:57   #5
olebowle

Hi t'john

OTL logfile

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3065798087-2607588636-1036883106-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe deleted successfully.
C:\ProgramData\birido.dat moved successfully.
C:\ProgramData\rundll32.exe moved successfully.
File C:\ProgramData\birido.dat not found.
C:\ProgramData\odirib.pad moved successfully.
C:\Users\olebowle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk moved successfully.
C:\ProgramData\odirib.js moved successfully.
C:\Users\olebowle\AppData\Local\TempFullTiltPokerEuSetup.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\olebowle\*.tmp not found.
File\Folder C:\Users\olebowle\AppData\*.dll not found.
File\Folder C:\Users\olebowle\AppData\*.exe not found.
C:\Users\olebowle\AppData\Local\Temp\2SKKKKKKK.exe moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\olebowle\Downloads\cmd.bat deleted successfully.
C:\Users\olebowle\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: olebowle
->Temp folder emptied: 237914 bytes
->FireFox cache emptied: 88568274 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 41550 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes
 
User: postgres.olebowle-PC
->Temp folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 3641 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45734 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 288187 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 85.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06192013_090310

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Malwarebytes logfile

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.19.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
olebowle :: OLEBOWLE-PC [Administrator]

19/06/2013 09:07:45
mbam-log-2013-06-19 (09-07-45).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 369310
Time elapsed: 1 hour(s), 16 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\_OTL\MovedFiles\06192013_090310\C_ProgramData\birido.dat (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)




And the AdwCleaner logfile:
Code:
# AdwCleaner v2.303 - Logfile created 06/19/2013 at 10:41:40
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : olebowle - OLEBOWLE-PC
# Boot Mode : Normal
# Running from : C:\Users\olebowle\Downloads\adwcleaner2303.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\olebowle\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\olebowle\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DA5BD2D3CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC9EFC5C3366B4DB850DAB49330C52
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E98451C7CA808F47AFE467BDABD02FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFD11FD45FC7B9E46A8F4B69F3A66E35
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5979AD63CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF9BD2952384A9C49B4A5D3D95329890
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FABA2A33488410A4AA40489BD2224282
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (de)

File : C:\Users\olebowle\AppData\Roaming\Mozilla\Firefox\Profiles\te9cl4sl.default\prefs.js

C:\Users\olebowle\AppData\Roaming\Mozilla\Firefox\Profiles\te9cl4sl.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "3854eed500000000000000238b7dd409");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15546");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110184&tt=3012_5");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.110:52:57");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\olebowle\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4859 octets] - [19/06/2013 10:41:40]

########## EOF - C:\AdwCleaner[S1].txt - [4919 octets] ##########
         
--- --- ---


Hope everything is correct like this.
THX and best regards :-)


19.06.2013, 16:32   #6
t'john
/// Helper Team

Very good!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista or later, please start it with right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow internet access.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: never press any of the Fix buttons without being told to.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose (none) under AV Scan.



afterwards:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




afterwards:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished a text document (checkup.txt) should open.
Please post its contents here.
__________________

20.06.2013, 11:38   #7
olebowle

So, we can continue :-)

aswMBR log

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-19 21:40:12
-----------------------------
21:40:12.309 OS Version: Windows 6.0.6002 Service Pack 2
21:40:12.309 Number of processors: 2 586 0x170A
21:40:12.310 ComputerName: OLEBOWLE-PC UserName: olebowle
21:40:12.906 Initialize success
21:40:37.606 AVAST engine defs: 13061900
21:40:55.748 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:40:55.751 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
21:40:56.100 Disk 0 MBR read successfully
21:40:56.103 Disk 0 MBR scan
21:40:56.127 Disk 0 unknown MBR code
21:40:56.144 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
21:40:56.172 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145965 MB offset 27265024
21:40:56.203 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 145966 MB offset 326201344
21:40:56.237 Disk 0 scanning sectors +625139712
21:40:56.510 Disk 0 scanning C:\Windows\system32\drivers
21:41:20.698 Service scanning
21:41:43.291 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:41:52.839 Modules scanning
21:42:12.214 Disk 0 trace - called modules:
21:42:12.245 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spbt.sys >>UNKNOWN [0x858da938]<<
21:42:12.245 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8648c1a8]
21:42:12.245 3 CLASSPNP.SYS[8aba48b3] -> nt!IofCallDriver -> [0x859b2310]
21:42:12.261 5 acpi.sys[807aa6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x859b3028]
21:42:12.791 AVAST engine scan C:\Windows
21:42:22.603 AVAST engine scan C:\Windows\system32
21:47:25.805 AVAST engine scan C:\Windows\system32\drivers
21:47:42.029 AVAST engine scan C:\Users\olebowle
21:52:42.454 AVAST engine scan C:\ProgramData
21:53:47.490 Scan finished successfully
22:02:03.477 Disk 0 MBR has been saved successfully to "C:\Users\olebowle\Desktop\MBR.dat"
22:02:03.492 The log file has been saved successfully to "C:\Users\olebowle\Desktop\aswMBR.txt"


and the ESET log

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a9b9b948e08b314c8fe5511f638ee4a9
# engine=14111
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-19 06:39:47
# local_time=2013-06-19 08:39:47 (+0100, W. Europe Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 15201 237094077 7974 0
# compatibility_mode=5892 16776573 100 100 41783 209199915 0 0
# scanned=135956
# found=4
# cleaned=0
# scan_time=7794
sh=E33D83D7ACE2F2A5A63595CB5DF78B716279E22F ft=0 fh=0000000000000000 vn="Win32/Reveton.R trojan" ac=I fn="C:\_OTL\MovedFiles\06192013_090310\C_ProgramData\odirib.js"
sh=CEA4B75111E4560B101FDF28BA984C6FA8967781 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\06192013_090310\C_Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb37ca9-5a9617a7"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAD trojan" ac=I fn="F:\Spiele\Bulletstorm (2011)\flt-bull.iso"
sh=480FA2E02978E8173DE15B98EC3C8FEC9A4A424C ft=1 fh=1e3ce5e42604fd71 vn="a variant of Win32/Packed.VMProtect.AAD trojan" ac=I fn="F:\Spiele\Bulletstorm (2011)\Binaries\Win32\xlive.dll"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a9b9b948e08b314c8fe5511f638ee4a9
# engine=14113
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-20 09:07:04
# local_time=2013-06-20 11:07:04 (+0100, W. Europe Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 6628 237146114 0 0
# compatibility_mode=5892 16776573 100 100 93820 209251952 0 0
# scanned=132206
# found=2
# cleaned=0
# scan_time=6445
sh=E33D83D7ACE2F2A5A63595CB5DF78B716279E22F ft=0 fh=0000000000000000 vn="Win32/Reveton.R trojan" ac=I fn="C:\_OTL\MovedFiles\06192013_090310\C_ProgramData\odirib.js"
sh=CEA4B75111E4560B101FDF28BA984C6FA8967781 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\06192013_090310\C_Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb37ca9-5a9617a7"


SecurityCheck log

Results of screen317's Security Check version 0.99.64
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Java(TM) 6 Update 30
Java(TM) 6 Update 22
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````


Big thx and best regards t'john

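aswMBR reports "Disk 0 unknown MBR code" above and saves the sector it read to C:\Users\olebowle\Desktop\MBR.dat. "Unknown" means only that the 446 bytes of boot code did not match a loader the tool recognises; OEM recovery layouts like this one (hidden type 0x27 WinRE partition first, active NTFS partition second) trigger it routinely, so the next step is to inspect the saved sector instead of guessing. What to check: the 0x55AA signature at offset 510, the four 16-byte partition entries at offset 446 (status, type, LBA start, sector count), that the entries do not overlap and exactly one is active, that they agree with what aswMBR printed, and the hash of the boot code itself, which you compare with a known-clean copy of the same loader. The Python below is an added example (not from this thread or from aswMBR) that does all of this against a constructed 512-byte MBR: its partition table is rebuilt from the three partitions aswMBR listed (the sector counts follow from the printed offsets and MB sizes), its boot code is a two-byte stand-in rather than the real loader, and the function names are mine.

```python
"""Parse and sanity-check a 512-byte MBR and compare it with aswMBR's partition lines.

Added example, not code from this thread or from aswMBR. The test MBR is
constructed: its partition table is rebuilt from the aswMBR lines quoted
above and its boot code is a placeholder, not the real loader.
"""
import hashlib
import re
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xAA"
# status, CHS start, type, CHS end, LBA start, sector count (16 bytes per entry)
ENTRY = struct.Struct("<B3sB3sII")
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}

# (status, type, lba_start, sector_count); the counts follow from the offsets and sizes aswMBR printed
DISK0_PARTITIONS = [
    (0x00, 0x27, 2048, 27262976),        # 13312 MB recovery partition
    (0x80, 0x07, 27265024, 298936320),   # 145965 MB, active ("80 (A)" in aswMBR)
    (0x00, 0x07, 326201344, 298938368),  # 145966 MB
]

# The three "Disk 0 Partition" lines from the aswMBR log above
ASWMBR_LINES = """
21:40:56.144 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
21:40:56.172 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145965 MB offset 27265024
21:40:56.203 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 145966 MB offset 326201344
"""


def build_mbr(bootcode: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR; CHS fields stay zero (modern tools use the LBA fields)."""
    if len(bootcode) > 446 or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    table = b"".join(ENTRY.pack(st, b"\0\0\0", ty, b"\0\0\0", start, count)
                     for st, ty, start, count in partitions)
    return bootcode.ljust(446, b"\0") + table.ljust(64, b"\0") + BOOT_SIG


def parse_mbr(data: bytes) -> dict:
    """Parse the first sector of data: boot-code hash plus the non-empty partition entries."""
    if len(data) < SECTOR or data[510:512] != BOOT_SIG:
        raise ValueError("not a valid MBR: short read or missing 55AA signature")
    parts = []
    for i in range(4):
        st, _, ty, _, start, count = ENTRY.unpack_from(data, 446 + 16 * i)
        if ty == 0:
            continue  # empty slot
        parts.append({"index": i + 1, "status": st, "type": ty,
                      "type_name": TYPE_NAMES.get(ty, "unknown"),
                      "start": start, "count": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    # Hash of the loader itself, to compare against a known-clean copy of the same loader.
    return {"bootcode_sha1": hashlib.sha1(data[:446]).hexdigest(), "partitions": parts}


def check_table(parsed: dict) -> list:
    """Return human-readable problems with the partition table (empty list = consistent)."""
    problems = []
    parts = sorted(parsed["partitions"], key=lambda p: p["start"])
    active = [p["index"] for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        problems.append(f"expected exactly one active partition, found {active}")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            problems.append(f"partition {p['index']} has invalid status byte {p['status']:#04x}")
    for a, b in zip(parts, parts[1:]):
        if a["start"] + a["count"] > b["start"]:
            problems.append(f"partitions {a['index']} and {b['index']} overlap")
    return problems


ASW_RE = re.compile(r"Disk 0 Partition (\d) ([0-9A-F]{2})(?: \(A\))? ([0-9A-F]{2}) .*? (\d+) MB offset (\d+)$")


def parse_aswmbr(text: str) -> list:
    """Pull index, status, type, size and offset out of aswMBR's partition lines."""
    out = []
    for line in text.splitlines():
        m = ASW_RE.search(line.strip())
        if m:
            idx, st, ty, mb, off = m.groups()
            out.append({"index": int(idx), "status": int(st, 16), "type": int(ty, 16),
                        "size_mb": int(mb), "start": int(off)})
    return out


def compare(parsed: dict, reported: list) -> list:
    """Mismatches between the on-disk table and what aswMBR printed (empty list = agree)."""
    mism = []
    by_index = {p["index"]: p for p in parsed["partitions"]}
    for r in reported:
        p = by_index.get(r["index"])
        if p is None:
            mism.append(f"partition {r['index']} reported but absent on disk")
            continue
        for key in ("status", "type", "size_mb", "start"):
            if p[key] != r[key]:
                mism.append(f"partition {r['index']} {key}: disk={p[key]} aswMBR={r[key]}")
    return mism


if __name__ == "__main__":
    parsed = parse_mbr(build_mbr(b"\xEB\xFE", DISK0_PARTITIONS))
    for p in parsed["partitions"]:
        print(p)
    print("table problems:", check_table(parsed))
    print("vs aswMBR:", compare(parsed, parse_aswmbr(ASWMBR_LINES)))
```

On the real file, call parse_mbr(open("MBR.dat", "rb").read()) and pass the "Disk 0 Partition" lines from aswMBR.txt to parse_aswmbr; an empty list from both check_table and compare means the table is internally consistent and matches the tool's view, and the only open question left is whether bootcode_sha1 matches a clean loader of the same Windows version or OEM image.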
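The ESET output above says found=4, cleaned=0 with remove_checked=false, which looks alarming until you read the paths: two hits are inside C:\_OTL\MovedFiles, i.e. files OTL already moved into its own quarantine in the earlier step (odirib.js, now named as Win32/Reveton.R, and a Java deployment-cache entry), and the other two are in a game folder on F:. Sorting detections by location before acting on them is the triage step worth automating. The Python below is an added example, not from this thread or from ESET: it parses the log's "# key=value" header and the sh=/vn=/fn= detection lines, splits the hits into already-quarantined and live, and collects the real hashes for a lookup. The quarantine folder list is my assumption, the sample log is a constructed excerpt built from the lines quoted above, and the treatment of an all-zero sh= field as "no per-file hash" is an observation of this log rather than documented ESET behaviour.

```python
"""Triage an ESET Online Scanner log: quarantined versus live detections.

Added example, not code from this thread or from ESET. ESET_LOG is a
constructed excerpt using the header keys and detection lines quoted above.
"""
import re

# Assumption: folders where the cleanup tools used in this thread park what they
# removed. A hit inside one of them is already neutralised and goes away when
# that tool's quarantine is emptied.
QUARANTINE_DIRS = (
    r"C:\_OTL\MovedFiles",
    r"C:\AdwCleaner\Quarantine",
    r"C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine",
)

ESET_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# scanned=135956
# found=4
# cleaned=0
sh=E33D83D7ACE2F2A5A63595CB5DF78B716279E22F ft=0 fh=0000000000000000 vn="Win32/Reveton.R trojan" ac=I fn="C:\_OTL\MovedFiles\06192013_090310\C_ProgramData\odirib.js"
sh=CEA4B75111E4560B101FDF28BA984C6FA8967781 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\06192013_090310\C_Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb37ca9-5a9617a7"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAD trojan" ac=I fn="F:\Spiele\Bulletstorm (2011)\flt-bull.iso"
sh=480FA2E02978E8173DE15B98EC3C8FEC9A4A424C ft=1 fh=1e3ce5e42604fd71 vn="a variant of Win32/Packed.VMProtect.AAD trojan" ac=I fn="F:\Spiele\Bulletstorm (2011)\Binaries\Win32\xlive.dll"
"""

HEADER_RE = re.compile(r"^# (\w+)=(.*)$")
HIT_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\S+) fh=(?P<fh>\S+) '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\S+) fn="(?P<path>[^"]*)"$'
)


def parse_eset_log(text: str):
    """Return (header dict, list of detection dicts)."""
    header, hits = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        m = HIT_RE.match(line)
        if m:
            d = m.groupdict()
            d["sha1"] = d["sha1"].upper()
            hits.append(d)
    return header, hits


def _in_quarantine(path: str) -> bool:
    low = path.lower()
    return any(low.startswith(q.lower() + "\\") for q in QUARANTINE_DIRS)


def triage(text: str) -> dict:
    """Split detections into already-quarantined and live, and list hashes worth looking up."""
    header, hits = parse_eset_log(text)
    found = int(header.get("found", 0))
    report = {
        "found": found,
        "cleaned": int(header.get("cleaned", 0)),
        "remove_checked": header.get("remove_checked") == "true",
        "consistent": found == len(hits),   # header count matches the detection lines present
        "quarantined": [], "live": [], "lookup": [],
    }
    for h in hits:
        bucket = "quarantined" if _in_quarantine(h["path"]) else "live"
        report[bucket].append({"path": h["path"], "name": h["name"]})
        # An all-zero sh= field carries no per-file hash (here: the .iso container),
        # so only the other entries are worth a hash lookup.
        if set(h["sha1"]) != {"0"}:
            report["lookup"].append(h["sha1"])
    return report


def needs_action(report: dict) -> bool:
    """True if any detection sits outside a cleanup tool's quarantine."""
    return bool(report["live"])


if __name__ == "__main__":
    r = triage(ESET_LOG)
    print(f"found={r['found']} cleaned={r['cleaned']} consistent={r['consistent']}")
    for label in ("quarantined", "live"):
        for h in r[label]:
            print(f"  [{label}] {h['name']}: {h['path']}")
    print("hashes to look up:", r["lookup"])
```

On the sample the two OTL-quarantine hits need nothing beyond the DelFix step that empties that folder at the end of the thread; the two live hits on F: are the ones a helper has to decide about, and the three real SHA-1 values are what you would submit to a hash lookup service.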
20.06.2013, 12:36   #8
t'john
/// Helper Team

Update Java

Your Java is no longer up to date. Older versions contain security holes that malware can exploit.
  • Please download the latest Java version from here
  • Save the .exe file
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 21).
  • When the installation has finished:
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Afterwards post (copy and paste) what you see here: PluginCheck



Disable Java

Because of the current security hole:

http://www.trojaner-board.de/122961-...ktivieren.html

Afterwards post (copy and paste) what you see here: PluginCheck
__________________
Regards, t'john
Support the TB

20.06.2013, 14:35   #9
olebowle

Code:
PluginCheck

The PluginCheck helps close the biggest security holes when surfing the Internet.
Checked are: browser, Flash, Java and Adobe Reader version.

    Firefox 21.0 is up to date

    Flash (11,7,700,224) is up to date.

    Java (1,7,0,25) is up to date.

    Adobe Reader 9,5,5,316 is outdated!
    Please update to the latest version: 11.0

after disabling

Code:
PluginCheck

The PluginCheck helps close the biggest security holes when surfing the Internet.
Checked are: browser, Flash, Java and Adobe Reader version.

    Firefox 21.0 is up to date

    Flash (11,7,700,224) is up to date.

    Java is not installed or not enabled.

    Adobe Reader 9,5,5,316 is outdated!
    Please update to the latest version: 11.0

Thanks :-)

20.06.2013, 16:34   #10
t'john
/// Helper Team

Very good!

With that you are clean and discharged!

Remove adwCleaner

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.


Tool cleanup
The order here is decisive.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself and then remove all remains of itself.
  3. In any case, download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: among other things, DelFix removes all the programs we used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. Should there still be programs from our cleanup left over, you can delete them without concern.


Reset the security zones

Have the security zones reset, because they were manipulated in order to open the browser up to further attacks.
Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html


Clear System Restore

So that the computer cannot be re-infected from an infected System Restore point, we have to clear it. To do this we switch it off once and then back on:
Disable System Restore tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.


Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC is getting slower and slower - what to do?
__________________
Regards, t'john
Support the TB
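As an added example (not part of the thread and not t'john's instructions): the same off-then-on flush of System Restore described above, done from an elevated PowerShell on Windows 7, with a check that the old restore points are really gone before protection is switched back on and a fresh clean baseline is created. It assumes the system drive is C:\ (adjust $Drive otherwise).

```powershell
# Added example, not from the thread: flush System Restore (off, verify, on)
# on Windows 7 and create a clean baseline restore point afterwards.
# Assumption: the protected system drive is C:\ (change $Drive if needed).
$Drive = "C:\"

# Disable-/Enable-ComputerRestore need an elevated session; check explicitly
# (works on PowerShell 2.0, unlike the #Requires -RunAsAdministrator directive).
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $id
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated PowerShell (Run as administrator)."
}

# List what exists before the flush; an infected restore point would be among these.
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
Write-Host ("Restore points before flush: {0}" -f $before.Count)
$before | Format-Table SequenceNumber, Description, CreationTime -AutoSize

# Turning System Protection off for the drive discards all of its restore points.
Disable-ComputerRestore -Drive $Drive

# Verify the old points are actually gone before turning protection back on.
$after = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
if ($after.Count -ne 0) {
    throw ("{0} restore point(s) still present; check System Protection for {1}." -f $after.Count, $Drive)
}

# Re-enable protection so the system starts a fresh restore history...
Enable-ComputerRestore -Drive $Drive

# ...and record a known-good baseline now that the machine is clean.
Checkpoint-Computer -Description "Clean baseline after malware removal" -RestorePointType "MODIFY_SETTINGS"
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize
```

On Windows 8 and later Checkpoint-Computer refuses to create more than one restore point per 24 hours by default, so the final step may be skipped there; the flush itself is unaffected.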

21.06.2013, 00:24   #11
olebowle



Everything done and tips read.
Big THX man. Donate is on the way.

Thanks

21.06.2013, 15:38   #12
t'john
/// Helper Team



Wishing you a virus-free time
__________________
Regards, t'john
Support the TB
