Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   BKA/GVU Trojaner eingefangen - 100€ Ukash zahlen (https://www.trojaner-board.de/123838-bka-gvu-trojaner-eingefangen-100-ukash-zahlen.html)

BenjaminA 10.09.2012 15:28
BKA/GVU Trojaner eingefangen - 100€ Ukash zahlen
 
Ja hallo zusammen erstmal.

Ich habe mir den BKA/GVU Trojaner eingefangen und habe keine Ahnung was ich dagegen tun kann.
Sobald mein Laptop mit Vista normal hochfahre, erscheint ein Fenster, meine Laptopeigene Cam geht an und ich kann nichts mehr machen ausser einem Hardreset.

Ich habe schon im Forum gelesen, dass ich diverse Programme laden und laufen lassen soll, jedoch kann ich doch gar nichts machen, wenn dieses Fenster offen ist.

Ich bitte euch um Hilfe, ich weiss nicht mehr weiter...

t'john 11.09.2012 01:21
:hallo:

Von einem sauberen PC OTL.exe runterladen auf USB Stick.
Infizierten Rechner ohne Internet starten. OTL.exe auf Desktop kopieren und Log erstellen.

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.

BenjaminA 11.09.2012 12:51
Dieses Namen entfernen habe ich mit Strg+F und dann einfach ersetzen... Muss ich noch irgendetwas ausser meinen Namen entfernen?
Sonst hier erstmal die Dateien.
Ich wusste nicht wie ich den Laptop ohne Internet starten soll, habe dann einfach den abgesicherten Modus genommen, hoffe das war richtig?

OTL.txt

Code:
OTL logfile created on: 11.09.2012 13:32:44 - Run 1
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 84,82% Memory free
6,13 Gb Paging File | 5,89 Gb Available in Paging File | 96,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,29 Gb Total Space | 409,11 Gb Free Space | 89,86% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,32 Gb Free Space | 12,62% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,83 Gb Free Space | 98,01% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe (IDT, Inc.)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SRTSPX) -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS File not found
DRV - (SRTSP) -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (USBMULCD) -- C:\Windows\System32\drivers\CM106.sys (C-Media Electronics Inc)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (Huawei) -- C:\Windows\System32\drivers\ewdcsc.sys (Huawei Tech. Co., Ltd.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {EE97B51A-20F2-4B92-BE28-538D5E0DADA1}
IE - HKLM\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{93DEB777-BB06-401E-80F8-9C614C06C941}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {EE97B51A-20F2-4B92-BE28-538D5E0DADA1}
IE - HKCU\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{93DEB777-BB06-401E-80F8-9C614C06C941}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://web.vodafone.de/sbb/showPopupErrorPage?ltfu=1328802765000&SESSION_TARGET_URL=http%3A%2F%2Fgoogle.de%2F&REQUEST_IP=10.230.249.147&REQUEST_MSISDN=4915224832393&plgId=cjYrYlN3Ylc0d3hVeDRETE1lK0ZlWDZwYzVlVzRNUnVDS24zZ1lQcEFsUWtTUVdhK1JnQUhuK3RDS1JzTm5HaEJRR0hvTTNscVljc3VyQ1JxM1BsVXc9PQ%3D%3D&vbtVqa=true&locale=de_DE&rl=pro7&pd=REG"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.16 21:58:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.12 19:21:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:32:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 11:16:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:32:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 11:16:20 | 000,000,000 | ---D | M]
 
[2012.02.06 19:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.08.28 12:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jjs2ob33.default\extensions
[2012.08.28 12:33:46 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jjs2ob33.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012.05.10 20:05:48 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jjs2ob33.default\extensions\ich@maltegoetz.de
[2012.05.03 05:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.08.28 12:49:15 | 000,455,379 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JJS2OB33.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
[2012.07.16 23:18:04 | 000,030,926 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JJS2OB33.DEFAULT\EXTENSIONS\{99B98C2C-7274-45A3-A640-D9DF1A1C8460}.XPI
[2012.07.18 21:32:48 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.12 19:21:23 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.02.12 17:56:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 17:56:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.12 17:56:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 17:56:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 17:56:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 17:56:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TotalMediaTVMonitor] C:\Program Files\ArcSoft\TotalMedia TV 1.0\TotalMediaTVMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3076BD1D-63F3-4ADA-9032-AC7F1E9F80F4}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF7B100C-A775-467B-A6ED-E51872B648C4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{20526ce0-51bb-11e1-9c3c-00238bfb2804}\Shell - "" = AutoRun
O33 - MountPoints2\{20526ce0-51bb-11e1-9c3c-00238bfb2804}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{20526ce1-51bb-11e1-9c3c-00238bfb2804}\Shell - "" = AutoRun
O33 - MountPoints2\{20526ce1-51bb-11e1-9c3c-00238bfb2804}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c1ec01fc-50ce-11e1-a5cd-00238bfb2804}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ec01fc-50ce-11e1-a5cd-00238bfb2804}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c1ec021a-50ce-11e1-a5cd-00238bfb2804}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ec021a-50ce-11e1-a5cd-00238bfb2804}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c1ec021f-50ce-11e1-a5cd-00238bfb2804}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ec021f-50ce-11e1-a5cd-00238bfb2804}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c1ec0220-50ce-11e1-a5cd-00238bfb2804}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ec0220-50ce-11e1-a5cd-00238bfb2804}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.11 13:31:56 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.10 16:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.10 16:02:56 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.10 16:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.10 16:01:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.09.10 16:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.28 12:39:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NVIDIA
[2012.08.16 11:15:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.14 23:27:55 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.14 23:27:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.14 23:27:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.14 23:27:53 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.14 23:27:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.14 23:27:53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.14 23:27:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.14 23:27:43 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.11 13:37:45 | 000,008,592 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.09.11 13:31:47 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.11 13:31:47 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.11 13:31:47 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.11 13:31:47 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.11 13:29:40 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.11 13:23:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.10 16:28:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.10 16:15:48 | 083,023,306 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.09.10 16:15:38 | 000,000,247 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012.09.10 16:11:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 16:11:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 16:02:57 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.29 15:29:37 | 000,108,032 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.29 13:34:36 | 000,001,728 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.29 12:46:16 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.29 12:46:16 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.15 20:18:09 | 000,465,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.10 16:02:57 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.29 13:34:36 | 000,001,728 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.29 13:34:34 | 083,023,306 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.05.31 14:13:20 | 000,001,480 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.05.31 13:24:13 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2012.05.03 20:48:17 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2012.05.03 20:47:11 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.04.03 16:11:49 | 000,008,592 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.04.02 22:01:17 | 000,000,424 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2012.04.02 22:01:14 | 000,552,960 | R--- | C] () -- C:\Windows\System32\Cmeau106.exe
[2012.04.02 21:59:42 | 000,303,104 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2012.04.02 21:59:42 | 000,002,391 | R--- | C] () -- C:\Windows\Cm106.ini.cfg
[2012.04.02 21:59:42 | 000,000,349 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2012.02.22 00:34:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.02.22 00:34:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.02.19 21:28:31 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012.02.06 19:49:17 | 000,108,032 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.06 14:28:48 | 000,195,396 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.02.06 14:20:42 | 000,000,247 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2012.02.06 14:19:07 | 000,195,396 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

< End of report >
Extras.txt

Code:
OTL Extras logfile created on: 11.09.2012 13:32:44 - Run 1
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 84,82% Memory free
6,13 Gb Paging File | 5,89 Gb Available in Paging File | 96,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,29 Gb Total Space | 409,11 Gb Free Space | 89,86% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,32 Gb Free Space | 12,62% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,83 Gb Free Space | 98,01% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11733008-53A7-4109-87F8-D0C9F8498671}" = lport=139 | protocol=6 | dir=in | app=system |
"{156AEDE4-43D4-496A-B3B4-2BA46478FD82}" = lport=2869 | protocol=6 | dir=in | app=system |
"{21ABE685-71BA-4984-AF3E-36AD343D64A4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2A151EE1-8A44-4C59-9FDE-67D65C251F2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2B9B4075-74DC-4CA5-983E-8DEBFF43723A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3D8C9772-575B-4015-867E-1E6879609FEC}" = rport=139 | protocol=6 | dir=out | app=system |
"{42A87BEA-72E5-4B1A-9F34-CE1B8C74EBBF}" = rport=137 | protocol=17 | dir=out | app=system |
"{A3A954A7-A1C2-40CA-B414-E8B51B61197B}" = lport=445 | protocol=6 | dir=in | app=system |
"{ACBA2B91-DF2E-4792-A69B-C3E5687A4411}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F9EF772B-32CD-488D-8B65-A15E075E2730}" = lport=138 | protocol=17 | dir=in | app=system |
"{FC3DDF21-29D2-45EE-BC89-A37EACE2F371}" = lport=137 | protocol=17 | dir=in | app=system |
"{FDD27FB3-0A39-445A-8309-D74D820E7AAA}" = rport=138 | protocol=17 | dir=out | app=system |
"{FF2098BE-5CCC-4171-9020-2A30BCAC1FAB}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0584FC15-FF37-4CAA-BA68-6B555623A63D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{16B61A5F-B4A3-434B-B6AA-6D2A78492A50}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{3D6AC87C-3FB9-480F-A25E-1F4B068CB9C6}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{3DE8CA39-DF4C-4737-8A02-65145E7D2E65}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{52238F8A-B4A9-42D4-8653-D6CE10B1318F}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{5917D661-65CE-4D3B-AF89-63F8152AD7E0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6A01F3C0-CC0E-4BF6-877E-BD5647554EC0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D6B250E-5A8B-40F0-875D-1504DA135289}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{6FEE3428-A3AF-475F-B562-4F0AD70A610D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7AC12182-4250-42CD-8707-080C54E96E02}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{840751DE-1E76-4421-879C-3388EDD03E8B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{89B072EB-95C0-41C5-A4EC-675193A7C567}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{8CEC93E6-DA81-4779-AEB5-EA3C735B5FFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8F4D8DF7-7EF5-4B1D-9B5C-BB419556F19E}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{901D6E47-875D-44FC-A832-F82599657B55}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{947677F3-03FC-472F-A2C7-F4DFA85272D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{94E9C814-9164-436C-B724-95430BCF836F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9776D889-4099-4036-8643-B8734CB12F24}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{985A531C-27B9-40A2-B879-521E9EB91B12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AC547D1A-750D-4EA7-8B23-F0E3CFFA3C3B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BA250B9F-B727-45BA-A33D-A21F6E4632E4}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{CE4A896B-96C0-4EC4-8E55-A9D5F20FF70F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{DBEBEF0D-402C-44A9-A11F-B3034F950CEF}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{E24194D3-D64C-46EB-A403-ED8C357E3B5D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E5DD350D-4715-43AE-A799-8AB93A3A67B3}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E76ADEEB-D54D-4F9F-9A97-0BE6ED03AA1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E9428705-77BE-43DC-8959-7E0FBB6F46F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ED43D962-9312-45B4-94D2-0EB8A32E3CD7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F3FF538E-C12D-45E7-B073-02284E6D0B23}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7CE13DFB-7320-4630-865F-DE98D8FE6791}" = ArcSoft TotalMedia TV
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"C-Media CM106 Like Sound Driver" = USB Multi-Channel Audio Device
"Company of Heroes" = Company of Heroes
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"GoldWave v5.50" = GoldWave v5.50
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"MAGIX Music Maker for MySpace D" = MAGIX Music Maker for MySpace 15.0.1.8 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 2.0.2
"Web & TV Stick" = Web & TV Stick
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.08.2012 14:21:45 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 17.08.2012 15:35:14 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 20.08.2012 15:34:46 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.08.2012 10:20:37 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.08.2012 13:43:42 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 28.08.2012 06:20:19 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 29.08.2012 06:43:52 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 29.08.2012 07:37:55 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 29.08.2012 07:38:38 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 29.08.2012 10:40:18 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 05.04.2012 05:45:03 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
 
Error - 05.04.2012 05:45:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 05.04.2012 05:45:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 05.04.2012 05:45:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 05.04.2012 05:45:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 05.04.2012 05:46:42 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 07.04.2012 14:42:44 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
 
Error - 07.04.2012 14:43:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 07.04.2012 14:43:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 07.04.2012 14:43:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

t'john 12.09.2012 11:52
Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Ersetze die *** Sternchen wieder in den Benutzernamen zurück!
Code:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {EE97B51A-20F2-4B92-BE28-538D5E0DADA1}
IE - HKLM\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{93DEB777-BB06-401E-80F8-9C614C06C941}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\..\SearchScopes,DefaultScope = {EE97B51A-20F2-4B92-BE28-538D5E0DADA1}
IE - HKCU\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{93DEB777-BB06-401E-80F8-9C614C06C941}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.startup.homepage: "https://web.vodafone.de/sbb/showPopupErrorPage?ltfu=1328802765000&SESSION_TARGET_URL=http%3A%2F%2Fgoogle.de%2F&REQUEST_IP=10.230.249.147&REQUEST_MSISDN=4915224832393&plgId=cjYrYlN3Ylc0d3hVeDRETE1lK0ZlWDZwYzVlVzRNUnVDS24zZ1lQcEFsUWtTUVdhK1JnQUhuK3RDS1JzTm5HaEJRR0hvTTNscVljc3VyQ1JxM1BsVXc9PQ%3D%3D&vbtVqa=true&locale=de_DE&rl=pro7&pd=REG"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{20526ce0-51bb-11e1-9c3c-00238bfb2804}\Shell - "" = AutoRun
O33 - MountPoints2\{20526ce0-51bb-11e1-9c3c-00238bfb2804}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{20526ce1-51bb-11e1-9c3c-00238bfb2804}\Shell - "" = AutoRun
O33 - MountPoints2\{20526ce1-51bb-11e1-9c3c-00238bfb2804}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c1ec01fc-50ce-11e1-a5cd-00238bfb2804}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ec01fc-50ce-11e1-a5cd-00238bfb2804}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c1ec021a-50ce-11e1-a5cd-00238bfb2804}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ec021a-50ce-11e1-a5cd-00238bfb2804}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c1ec021f-50ce-11e1-a5cd-00238bfb2804}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ec021f-50ce-11e1-a5cd-00238bfb2804}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c1ec0220-50ce-11e1-a5cd-00238bfb2804}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ec0220-50ce-11e1-a5cd-00238bfb2804}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2012.09.10 16:15:48 | 083,023,306 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.09.10 16:15:38 | 000,000,247 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012.08.29 13:34:36 | 000,001,728 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.02.19 21:28:31 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012.02.06 14:28:48 | 000,195,396 | ---- | C] () -- C:\ProgramData\nvModes.001
:Files


C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\***\AppData\Local\{*}
C:\Users\***\AppData\Local\Temp\*.exe
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

BenjaminA 12.09.2012 13:17
Unten im Code steht zB *.exe... Soll ich alle Sternchen zurücksetzen in den Benutzernamen, oder nur ***?

Ich habe jetzt nur die *** ersetzt.
Mein Laptop wird von mir momentan nur im Abgesicherten Modus genutzt, im Moment schreibe ich von einem Zweitlaptop.

Wie sieht das eigentlich aus mit externen Datenträgern, sprich wie kann ich sicher sein, dass meine externen FP nicht infiziert sind?

Hier erstmal der Log:

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{93DEB777-BB06-401E-80F8-9C614C06C941}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93DEB777-BB06-401E-80F8-9C614C06C941}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{93DEB777-BB06-401E-80F8-9C614C06C941}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93DEB777-BB06-401E-80F8-9C614C06C941}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "https://web.vodafone.de/sbb/showPopupErrorPage?ltfu=1328802765000&SESSION_TARGET_URL=http%3A%2F%2Fgoogle.de%2F&REQUEST_IP=10.230.249.147&REQUEST_MSISDN=4915224832393&plgId=cjYrYlN3Ylc0d3hVeDRETE1lK0ZlWDZwYzVlVzRNUnVDS24zZ1lQcEFsUWtTUVdhK1JnQUhuK3RDS1JzTm5HaEJRR0hvTTNscVljc3VyQ1JxM1BsVXc9PQ%3D%3D&vbtVqa=true&locale=de_DE&rl=pro7&pd=REG" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cm106Sound deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20526ce0-51bb-11e1-9c3c-00238bfb2804}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20526ce0-51bb-11e1-9c3c-00238bfb2804}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20526ce0-51bb-11e1-9c3c-00238bfb2804}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20526ce0-51bb-11e1-9c3c-00238bfb2804}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20526ce1-51bb-11e1-9c3c-00238bfb2804}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20526ce1-51bb-11e1-9c3c-00238bfb2804}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20526ce1-51bb-11e1-9c3c-00238bfb2804}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20526ce1-51bb-11e1-9c3c-00238bfb2804}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ec01fc-50ce-11e1-a5cd-00238bfb2804}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ec01fc-50ce-11e1-a5cd-00238bfb2804}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ec01fc-50ce-11e1-a5cd-00238bfb2804}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ec01fc-50ce-11e1-a5cd-00238bfb2804}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ec021a-50ce-11e1-a5cd-00238bfb2804}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ec021a-50ce-11e1-a5cd-00238bfb2804}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ec021a-50ce-11e1-a5cd-00238bfb2804}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ec021a-50ce-11e1-a5cd-00238bfb2804}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ec021f-50ce-11e1-a5cd-00238bfb2804}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ec021f-50ce-11e1-a5cd-00238bfb2804}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ec021f-50ce-11e1-a5cd-00238bfb2804}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ec021f-50ce-11e1-a5cd-00238bfb2804}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ec0220-50ce-11e1-a5cd-00238bfb2804}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ec0220-50ce-11e1-a5cd-00238bfb2804}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ec0220-50ce-11e1-a5cd-00238bfb2804}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ec0220-50ce-11e1-a5cd-00238bfb2804}\ not found.
File F:\AutoRun.exe not found.
C:\ProgramData\nud0repor.pad moved successfully.
C:\ProgramData\hpqp.ini moved successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\Windows\System32\ezsidmv.dat moved successfully.
C:\ProgramData\nvModes.001 moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\Temp\{D36DD326-7280-11D8-97C8-000129760CBE} folder moved successfully.
C:\ProgramData\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1} folder moved successfully.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092} folder moved successfully.
C:\ProgramData\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} folder moved successfully.
C:\ProgramData\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3} folder moved successfully.
C:\ProgramData\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\***\AppData\Local\{*} not found.
File\Folder C:\Users\***\AppData\Local\Temp\*.exe not found.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ***
->Temp folder emptied: 212056 bytes
->Temporary Internet Files folder emptied: 229778 bytes
->FireFox cache emptied: 176805364 bytes
->Flash cache emptied: 538 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 169,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 09122012_142302

t'john 15.09.2012 10:58
Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

BenjaminA 17.09.2012 15:43
Sorry hat etwas länger gedauert, war das WE unterwegs...
Der Laptop läuft soweit 1A, ich brauche keinen Abgesicherten Modus mehr und auch surfen funktioniert. Die JAVA updates die mir vorgeschlagen werden, habe ich erstmal nicht gemacht, bis ich weiss dass alles wieder fit ist.

Die infizierte Datei habe ich gelöscht!

Hier die Logs:


Malwarebytes Protection Log
Code:
2012/09/17 16:23:43 +0200        ***-PC        ***        MESSAGE        Starting database refresh
2012/09/17 16:23:46 +0200        ***-PC        ***        MESSAGE        Database refreshed successfully
Malwarebyts Log 2012-09-16 15:56:33
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.16.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

16.09.2012 15:56:33
mbam-log-2012-09-16 (15-56-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1203883
Laufzeit: 1 Tag(en), 10 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\5dd9280f-3f1b4ad8 (Trojan.PWS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Malwarebytes Log 2012-09-17 16:16:24
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.16.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

16.09.2012 15:56:33
mbam-log-2012-09-17 (16-16-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1203883
Laufzeit: 1 Tag(en), 10 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\5dd9280f-3f1b4ad8 (Trojan.PWS) -> Keine Aktion durchgeführt.

(Ende)
AdwCleaner[R1]
Code:
# AdwCleaner v2.002 - Datei am 09/17/2012 um 16:27:12 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Ordner Gefunden : C:\Users\***\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jjs2ob33.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1098 octets] - [17/09/2012 16:27:12]

########## EOF - C:\AdwCleaner[R1].txt - [1158 octets] ##########

t'john 18.09.2012 02:28
Sehr gut! :daumenhoc


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

BenjaminA 19.09.2012 01:00
ADW Cleaner
Code:
# AdwCleaner v2.002 - Datei am 09/18/2012 um 18:56:04 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jjs2ob33.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1227 octets] - [17/09/2012 16:27:12]
AdwCleaner[S1].txt - [1603 octets] - [18/09/2012 18:56:04]

########## EOF - C:\AdwCleaner[S1].txt - [1663 octets] ##########
Emisoft Log
Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 18.09.2012 19:05:43

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, F:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:        18.09.2012 19:06:16

C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\26ea53bc-1e92859e -> n111111a\n111111f.class        gefunden: Java.CVE!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\26ea53bc-1e92859e -> n111111a\n111111b.class        gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\26ea53bc-1e92859e -> n111111a\n111111a.class        gefunden: Virus.Java.Exploit!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\78511f7c-3ab1e019 -> q_a\q_a.class        gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\78511f7c-3ab1e019 -> q_a\q_c.class        gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\78511f7c-3ab1e019 -> q_a\q_b.class        gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\26ea53bc-1e92859e -> n111111a\n111111d.class        gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\47f20c2f-6670ee9b -> a\a2.class        gefunden: Exploit.Java.CVE!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\26ea53bc-1e92859e -> n111111a\n111111e.class        gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\47f20c2f-6670ee9b -> a\a1.class        gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\134dff6c-34712bad -> NkeGa\NkeGe.class        gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\47f20c2f-6670ee9b -> a\a.class        gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\134dff6c-34712bad -> NkeGa\NkeGc.class        gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\26ea53bc-1e92859e -> n111111a\n111111c.class        gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\134dff6c-34712bad -> NkeGa\NkeGb.class        gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\134dff6c-34712bad -> NkeGa\NkeGd.class        gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\3a0943a8-62385b97 -> epa\epa.class        gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\3a0943a8-62385b97 -> epa\epd.class        gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\3a0943a8-62385b97 -> epa\epc.class        gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\134dff6c-34712bad -> NkeGa\NkeGa.class        gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\3112faa-7c9170c8 -> JavaDCM5.class        gefunden: Trojan-Downloader.Java.OpenStream!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\3a0943a8-62385b97 -> epa\epb.class        gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\7c5fccc3-26219fbf -> rc.class        gefunden: Java.Downloader.BS!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\7c5fccc3-26219fbf -> Dot.class        gefunden: Exploit.Java.CVE-2010-0094!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\7c5fccc3-26219fbf -> ER.class        gefunden: Trojan.Java.Exploit!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\7c5fccc3-26219fbf -> rb.class        gefunden: Exploit.MS04.CVE-2004-0210-2011-3544.CB!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\7c5fccc3-26219fbf -> lz.class        gefunden: Trojan.Java.Exploit!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\7c5fccc3-26219fbf -> rd.class        gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\7c5fccc3-26219fbf -> ra.class        gefunden: Exploit.-!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\77872659-6f82b8b0 -> a\Help.class        gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\77872659-6f82b8b0 -> a\Test.class        gefunden: Exploit.Java.CVE-2012!E2
C:\HP\BIN\EndProcess.exe        gefunden: Riskware.Win32.KillApp!E1

Gescannt        674925
Gefunden        32

Scan Ende:        19.09.2012 01:41:22
Scan Zeit:        6:35:06

t'john 19.09.2012 18:06
Sehr gut! :daumenhoc



Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

BenjaminA 20.09.2012 09:19
ESET Log
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=75c5a46336da8340bc07a116ee339869
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-20 08:11:09
# local_time=2012-09-20 10:11:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 19579446 19579446 0 0
# compatibility_mode=5892 16776573 100 100 133359 185653375 0 0
# compatibility_mode=8192 67108863 100 0 127 127 0 0
# scanned=230161
# found=8
# cleaned=8
# scan_time=8022
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\77872659-6f82b8b0        Java/TrojanDownloader.Agent.NDR trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\7c5fccc3-26219fbf        multiple threats (deleted - quarantined)        00000000000000000000000000000000        C
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\3a0943a8-62385b97        Java/Exploit.CVE-2012-1723.AD trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\3112faa-7c9170c8        a variant of Java/TrojanDownloader.OpenStream.AJ trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\134dff6c-34712bad        Java/Exploit.CVE-2012-1723.AQ trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\47f20c2f-6670ee9b        Java/Exploit.Agent.NBQ trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\26ea53bc-1e92859e        multiple threats (deleted - quarantined)        00000000000000000000000000000000        C
C:\_OTL\MovedFiles\09122012_142302\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\78511f7c-3ab1e019        Java/Exploit.CVE-2012-0507.CG trojan (deleted - quarantined)        00000000000000000000000000000000        C

t'john 21.09.2012 18:09
Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck



Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

BenjaminA 23.09.2012 16:36
Vor Deaktivierung
Code:
PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

    Firefox 14.0.1 ist aktuell

    Flash (11,4,402,265) ist aktuell.

    Java (1,7,0,7) ist aktuell.

    Adobe Reader 10,1,4,38 ist aktuell.

 

Zurück

Tools:

StartSeite
PluginCheck
Secunia Online Scan

Weiterführendes:

Java Updaten und Einstellen

Secunia Personal Software Inspector (PSI)

Family:

TR/Agent
Nach Deaktivierung
Code:
PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

    Firefox 14.0.1 ist aktuell

    Flash (11,4,402,265) ist aktuell.

    Java ist Installiert aber nicht aktiviert.

    Adobe Reader 10,1,4,38 ist aktuell.

 

Zurück

Tools:

StartSeite
PluginCheck
Secunia Online Scan

Weiterführendes:

Java Updaten und Einstellen

Secunia Personal Software Inspector (PSI)

Family:

TR/Agent

t'john 25.09.2012 11:11
Sehr gut! :daumenhoc

damit bist Du sauber und entlassen! :)

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?

BenjaminA 25.09.2012 22:40
Vielen vielen Dank!!!!

Mein Laptop läuft wieder rund und einwandfrei.
Deine "Checkliste" hab mich dann auch gleich abgearbeitet und muss sagen: Einfach toll, was ihr hier völlig gratis und (ich denke mal in eurer Freizeit) macht.

Nur eine kleine Frage habe ich noch, das Zurücksetzen der Sicherheitszonen konnte ich nur im IE machen, den ich eigentlich nie nutze, ist mein FF dennoch sicher?

Nochmal vielen Dank und weiter so!


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:45 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131