Attention! For security reasons my Windows system was ...

Hello,
access to my notebook running the Windows Vista OS has been locked with the warning: "Achtung! Aus Sicherheitsgründen wurde mein Windowssystem blockiert" ("Attention! For security reasons my Windows system has been blocked"). Following the instructions for this frequently described problem, here are the text files generated by the OTL software, which is kindly made available free of charge. I would be very grateful for help:

OTL Logfile:
OTL Extras logfile created on: 21.03.2012 13:04:09 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,73% Memory free
4,22 Gb Paging File | 3,83 Gb Available in Paging File | 90,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 19,75 Gb Free Space | 22,37% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 60,94 Gb Free Space | 69,25% Space Free | Partition Type: NTFS
Computer Name: ***| User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{297993EB-013A-43AE-A238-146681D863E0}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5292B83B-1DDD-414A-993B-1A66048F674F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8E9C3CA1-48C5-4401-B857-0115E709BE71}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B700778D-4511-45EB-8F29-5633DAAACA1D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BC4D8374-4DA0-4FEB-A561-A512C9EDE7F3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C9EEFE50-6E8C-4BEB-B832-3B5D241CFAE2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EE8A05B2-ED6D-4838-8992-48CFE5559D42}" = rport=2869 | protocol=6 | dir=out | app=system |
"{FAD508B1-FC59-44F5-82B7-B8967FAFB8BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18B3C34F-94C2-4D55-B3E8-39F3E31F7859}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{1D688F26-13A3-46FC-B7A0-9A1304C28980}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{288F68FC-BFBC-40D6-8625-E7B5AC7D4900}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{3512DAED-D9E3-4F89-806B-661B868EB73F}" = protocol=6 | dir=in | app=c:\users\sora\downloads\pdf_converter.exe |
"{35C0927A-00A7-4D74-85CD-D916863AD109}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{438061C0-7436-498C-8B75-340FF873ADAB}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{44949DFD-6A3C-43A3-8CBA-B54CA9157390}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4F7A07DA-10AE-46B7-B1FD-9F734CA8264E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5107212C-0307-444A-8E37-A29D2BFC58E3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D3CEFC3-4BB9-4391-8407-2E42526F20ED}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{6D3E1A4F-57B8-4A16-A1AC-54F40AC8305E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{7EAEAC41-5B89-4EAF-8C7E-80DA43D3A898}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{88222B59-9809-41AD-A728-13C244CE12A1}" = protocol=17 | dir=in | app=c:\users\sora\downloads\pdf_converter.exe |
"{A133AC27-2F02-4A74-9C1C-E8A5BC686941}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{AEBAE68E-BEA5-45E3-8368-5D0FF2B638FA}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{BD1EA867-127E-41BB-925E-AA42C220998F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2D11D23-8303-423C-A6B7-822A0750A5AB}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{C3FCF291-AD0B-48B1-A064-7A8FFD82F77A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{C6FC94C9-BD47-45C8-98E9-78EB16B756FE}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{D04E0D51-7833-4FA1-93FD-0C14B374211C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D16229B5-DBE0-4217-A2F0-BFA48C4D7446}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{E921B549-ACCE-4DBC-820A-74EB99545CBE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0795AE80-E3AD-C109-D0ED-127454F7947D}" = CCC Help Czech
"{0BDD74BD-5919-45DC-8DBD-FD9A7FFBEE7D}" = Catalyst Control Center Localization Czech
"{0DA98A0B-E9AA-7D76-9FFB-09666B57B977}" = CCC Help Japanese
"{113784E4-001C-F3B0-BB12-30301C352D5A}" = CCC Help Chinese Standard
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1ABD9408-C1DC-EF1F-40E8-2D9A6531CDA3}" = ATI Catalyst Install Manager
"{1BF15E4B-644F-470F-AADC-7BC84DD11E00}" = Toggolino Buchstabenteuer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2376F2D7-47F6-7D31-454C-50B3E7B04D79}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
"{39B1744D-0561-20FD-10BC-462349B2CD17}" = Catalyst Control Center Core Implementation
"{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EA29C6A-F433-2CFA-9343-A30061A31D40}" = Catalyst Control Center Graphics Light
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4148991D-DB5B-4064-91D3-3F9B6FDBBE5C}" = Tunebite
"{47A3FE80-528F-482B-8143-B3A4645557FC}" = Microsoft LifeCam
"{4818083E-ADDE-37BD-7C86-4B72C7D96692}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C4B9522-FD03-D17C-1A00-8EBC02CA5AC2}" = CCC Help French
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{59C4B635-2E5A-1141-C0E5-004FC4D196F4}" = CCC Help Thai
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CE3E15C-6E1D-A3FE-2E35-F40E83DDF68D}" = CCC Help German
"{60B08761-8B36-4C10-51DC-C68AEA125612}" = CCC Help Turkish
"{640BBCC1-792B-8FF8-D5FF-EA185F1352BA}" = CCC Help Hungarian
"{6441AB9A-4E6A-4ED5-BCF1-C32AB1109F06}" = AstroStar 10.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72F32AF2-2FA3-E6A0-D3D5-047691462436}" = CCC Help Danish
"{733D4DE8-14B8-EF66-CE77-160C0EC92913}" = CCC Help Swedish
"{74D5CF76-2DA9-7105-0BCB-3ACE774F478A}" = CCC Help Polish
"{76C1FD00-E569-A09E-E128-87B81203F6AA}" = CCC Help Portuguese
"{78BB4AA8-C480-4C76-A980-5A02F8762B3D}" = eGSignPlus ActiveX For EBS
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{80574E0C-36A8-7974-0460-8B93A96A601E}" = Catalyst Control Center Graphics Full New
"{81E677EB-392F-FC88-7498-9506248689B4}" = CCC Help Italian
"{82310404-A89C-D870-769F-005031AFFD9B}" = CCC Help Spanish
"{861CD9E0-D0CE-00DA-20F7-DA8869E0954E}" = Catalyst Control Center Graphics Full Existing
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{997AEC5C-8E66-48A9-5149-E3E03F05710C}" = CCC Help Korean
"{A8833100-1481-11D4-9731-00C04F8EEB39}" = Macromedia Fireworks 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1042-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Korean
"{AF97A9E8-155E-25C3-AAC2-377E3C2F8CE1}" = CCC Help Dutch
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B161098B-279B-399C-63AC-68D1AECA98B8}" = CCC Help Chinese Traditional
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{C8167567-C053-7355-A2DE-DFD50B5E9F90}" = CCC Help Russian
"{C93F1C40-29E8-1351-3CAB-35DBBA6843F3}" = CCC Help Finnish
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DDC49762-9664-28B4-97F3-24DA91618CBC}" = CCC Help Norwegian
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E380FD9E-D9AD-A7FF-2986-6A906836D79E}" = Catalyst Control Center Graphics Previews Vista
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"CloneCD" = CloneCD
"conduitEngine" = Conduit Engine
"Eazel-DE Toolbar" = Eazel-DE Toolbar
"EditPlus 3" = EditPlus 3
"Emil und Pauline Spielplatz" = Emil und Pauline Spielplatz (remove only)
"FileZilla Client" = FileZilla Client 3.2.7.1
"GENEUIDE" = USB Storage Driver
"InstallShield_{6441AB9A-4E6A-4ED5-BCF1-C32AB1109F06}" = AstroStar 10.0
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MSC" = McAfee SecurityCenter
"Nokia PC Suite" = Nokia PC Suite
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VSO PhotoOnWeb_is1" = VSO PhotoOnWeb 0.9.0.7
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.03.2011 13:29:09 | Computer Name = Sora-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12.03.2011 13:29:09 | Computer Name = Sora-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 12.03.2011 13:31:00 | Computer Name = Sora-PC | Source = RasClient | ID = 20227
Description =
Error - 13.03.2011 19:00:01 | Computer Name = Sora-PC | Source = EventSystem | ID = 4621
Description =
Error - 16.03.2011 08:12:27 | Computer Name = Sora-PC | Source = EventSystem | ID = 4621
Description =
Error - 16.03.2011 17:56:54 | Computer Name = Sora-PC | Source = EventSystem | ID = 4621
Description =
Error - 17.03.2011 19:20:01 | Computer Name = Sora-PC | Source = EventSystem | ID = 4621
Description =
Error - 18.03.2011 11:40:47 | Computer Name = Sora-PC | Source = RasClient | ID = 20227
Description =
Error - 18.03.2011 11:40:47 | Computer Name = Sora-PC | Source = RasClient | ID = 20227
Description =
Error - 18.03.2011 13:58:42 | Computer Name = Sora-PC | Source = EventSystem | ID = 4621
Description =
[ System Events ]
Error - 21.03.2012 07:57:31 | Computer Name = Sora-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version
Error - 21.03.2012 07:59:45 | Computer Name = Sora-PC | Source = DCOM | ID = 10005
Description =
Error - 21.03.2012 07:59:53 | Computer Name = Sora-PC | Source = DCOM | ID = 10005
Description =
Error - 21.03.2012 07:59:56 | Computer Name = Sora-PC | Source = DCOM | ID = 10005
Description =
Error - 21.03.2012 08:00:07 | Computer Name = Sora-PC | Source = DCOM | ID = 10005
Description =
Error - 21.03.2012 08:00:20 | Computer Name = Sora-PC | Source = DCOM | ID = 10005
Description =
Error - 21.03.2012 08:00:41 | Computer Name = Sora-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.03.2012 08:00:41 | Computer Name = Sora-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 21.03.2012 08:03:26 | Computer Name = Sora-PC | Source = DCOM | ID = 10005
Description =
Error - 21.03.2012 08:03:26 | Computer Name = Sora-PC | Source = DCOM | ID = 10005
Description =
< End of report >

OTL Logfile:
OTL logfile created on: 21.03.2012 13:04:09 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,73% Memory free
4,22 Gb Paging File | 3,83 Gb Available in Paging File | 90,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 19,75 Gb Free Space | 22,37% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 60,94 Gb Free Space | 69,25% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Sora\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Sora\AppData\Roaming\Mozilla\Firefox\Profiles\2rb951fr.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\RadioWMPCoreGecko11.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PMBDeviceInfoProvider) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (McRedirector) -- c:\Programme\Common Files\McAfee\RedirSvc\RedirSvc.exe (McAfee, Inc.)
SRV - (Emproxy) -- C:\Programme\Common Files\McAfee\EmProxy\emproxy.exe (McAfee, Inc.)
SRV - (McAfee HackerWatch Service) -- C:\Programme\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (netrcacm) -- C:\Windows\System32\drivers\netrcacm.sys (Thomson Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2096149
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?G=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 14 FE 73 B6 6B CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2096149
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Eazel-DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2096149&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://spiegel.de"
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.4.0
FF - prefs.js..extensions.enabledItems: {ce18769b-c7fa-42d2-860d-17c4662c70ad}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.6
FF - prefs.js..extensions.enabledItems: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2009.04.06 19:56:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.04.05 09:20:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.18 19:25:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.18 13:14:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.20 13:45:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011.01.21 10:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sora\AppData\Roaming\mozilla\Extensions
[2011.01.21 10:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sora\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.07 18:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sora\AppData\Roaming\mozilla\Firefox\Profiles\2rb951fr.default\extensions
[2012.01.30 21:25:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sora\AppData\Roaming\mozilla\Firefox\Profiles\2rb951fr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.07 18:46:25 | 000,000,000 | ---D | M] (Babylon-EnglishBB Community Toolbar) -- C:\Users\Sora\AppData\Roaming\mozilla\Firefox\Profiles\2rb951fr.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
[2011.02.02 09:26:17 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Sora\AppData\Roaming\mozilla\Firefox\Profiles\2rb951fr.default\extensions\2020Player@2020Technologies.com
[2011.06.03 08:27:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Sora\AppData\Roaming\mozilla\Firefox\Profiles\2rb951fr.default\extensions\engine@conduit.com
[2010.09.24 11:20:16 | 000,000,919 | ---- | M] () -- C:\Users\Sora\AppData\Roaming\Mozilla\Firefox\Profiles\2rb951fr.default\searchplugins\conduit.xml
[2011.11.23 21:40:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.03.23 20:07:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\SORA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2RB951FR.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2012.03.18 19:25:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.12.18 23:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll
[2012.02.12 18:44:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.19 23:03:25 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.02.12 18:44:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.12 18:44:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 18:44:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 18:44:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 18:44:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Search the web (Babylon) ()
CHR - default_search_provider: search_url = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&hl={language}&AF=14437
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Programme\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll̀ File not found
O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Eazel-DE Toolbar) - {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - C:\Programme\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart File not found
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Power2GoExpress] NA File not found
O4 - HKCU..\Run: [Registry Reviver] C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe File not found
O4 - HKCU..\Run: [SkypePM] C:\Users\Sora\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} hxxp://plugin.inicis.com/wallet60/INIwallet60_vista.cab (INIwallet60 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B739E56-E2B9-405F-A17A-E3B086373718}: DhcpNameServer = 83.169.184.33 83.169.184.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C9C4C6D-8ED5-4ED6-BEB7-2C7283CE2887}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6D1B2F4-527F-40AF-878E-E93BDB189A11}: DhcpNameServer = 83.169.184.33 83.169.184.97
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Bilder\Sora\2010-05-23\893.JPG
O24 - Desktop BackupWallPaper: D:\Bilder\Sora\2010-05-23\893.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{62bc9f9c-ecbf-11e0-b4c8-0013775cadfc}\Shell - "" = AutoRun
O33 - MountPoints2\{62bc9f9c-ecbf-11e0-b4c8-0013775cadfc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{62bc9f9f-ecbf-11e0-b4c8-0013775cadfc}\Shell - "" = AutoRun
O33 - MountPoints2\{62bc9f9f-ecbf-11e0-b4c8-0013775cadfc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7e48edcb-ec64-11e0-8b83-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7e48edcb-ec64-11e0-8b83-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b6aadb89-4eac-11df-9ad8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b6aadb89-4eac-11df-9ad8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b6aadbbb-4eac-11df-9ad8-0013775cadfc}\Shell - "" = AutoRun
O33 - MountPoints2\{b6aadbbb-4eac-11df-9ad8-0013775cadfc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.03.21 11:25:55 | 000,071,840 | ---- | C] (Microsoft Corporation) -- C:\Users\Sora\0.7712592423180975.exe
[2012.03.14 19:13:35 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.14 19:13:33 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.03.14 19:13:33 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.14 19:13:33 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.03.14 19:13:33 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.03.14 19:13:33 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.03.14 19:13:10 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.03.21 12:59:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.21 12:58:07 | 000,029,492 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2012.03.21 12:57:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 12:57:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 12:36:13 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.21 11:26:44 | 000,016,185 | ---- | M] () -- C:\Users\Sora\Desktop\Emotiontablett.odg
[2012.03.21 11:25:55 | 000,071,840 | ---- | M] (Microsoft Corporation) -- C:\Users\Sora\0.7712592423180975.exe
[2012.03.21 11:16:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.20 20:07:30 | 000,144,896 | ---- | M] () -- C:\Users\Sora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.20 19:42:40 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.20 19:42:40 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.20 19:42:40 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.20 19:42:40 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.18 11:47:06 | 000,034,205 | ---- | M] () -- C:\Users\Sora\Desktop\Besiedle Region.jpg
[2012.03.15 22:16:00 | 000,255,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.04 22:57:16 | 000,035,564 | ---- | M] () -- C:\Users\Sora\Desktop\busreisen.de.pdf
[2012.03.04 20:42:25 | 000,017,679 | ---- | M] () -- C:\Users\Sora\Desktop\busreisen.de-Clon.odg
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.03.18 11:47:06 | 000,034,205 | ---- | C] () -- C:\Users\Sora\Desktop\Besiedle Region.jpg
[2012.03.15 23:28:29 | 000,016,185 | ---- | C] () -- C:\Users\Sora\Desktop\Emotiontablett.odg
[2012.03.04 22:57:15 | 000,035,564 | ---- | C] () -- C:\Users\Sora\Desktop\busreisen.de.pdf
[2012.03.04 19:57:57 | 000,017,679 | ---- | C] () -- C:\Users\Sora\Desktop\busreisen.de-Clon.odg
[2011.07.10 09:44:34 | 000,000,000 | ---- | C] () -- C:\Users\Sora\AppData\Local\{D9928963-71F1-45E1-8BA1-0F1E6FA9E552}
[2011.03.05 18:37:41 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.02.16 18:38:43 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.10.19 23:03:34 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.08.12 17:11:54 | 000,000,046 | ---- | C] () -- C:\Windows\QTW.INI
[2010.03.23 20:50:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 24 bytes -> C:\Windows:5A027886509F7381
< End of report >