Trojaner-Board


pc-idiot 09.03.2012 09:22

Bundespolizei Trojan
 
Hi,

please open a thread...
And post the log from OTL:
OTL
Boot into Safe Mode with Networking (F8 while booting).
Download OTL by OldTimer (hxxp://oldtimer.geekstogo.com/OTL.exe) and save it to your desktop.

Double-click OTL.exe

Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"

At the top you will find a box labelled Output. Please select Minimal Output

Under Extra Registry, please select Use SafeList

Now click Run Scan at the top left

When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)

Post the log files here in the thread

chris

Quote:
Quote from pc-idiot
Hello .. can you help me too?

I have this well-known trojan "Bundespolizei", which locks everything and wants 100 euros from you.

I downloaded various cleaners and antivirus programs in Safe Mode and ran them, but without success. I saw that you were able to help someone affected here today. However, I understand at most half of all the explanations. I have no idea about all these PC things and don't know the technical terms and abbreviations. So if you help me, then please write as if you were explaining it to your 7-year-old daughter.

I understood this much: that I must/should download this OTL program. What happens next?

Isn't there a cleaner that detects and destroys this virus?

I would even transfer money to you for the help, because I'm really getting desperate.

It would be nice if you could help.

Kind regards

pc-idiot 09.03.2012 09:36

Hello chris ... I have done everything as you described so far. The log files are as follows:

Extras.Txt:
OTL Logfile:
Code:

OTL Extras logfile created on: 09.03.2012 09:28:12 - Run 2
OTL by OldTimer - Version 3.2.36.1    Folder = C:\Users\Martin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 84,76% Memory free
6,18 Gb Paging File | 5,91 Gb Available in Paging File | 95,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 35,17 Gb Free Space | 37,36% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 55,88 Gb Free Space | 28,63% Space Free | Partition Type: NTFS
Drive E: | 0,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum EasyBook\Fotoschau.exe" -d "%1" ()
Directory [Pixum EasyBook] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BE16C2-7F81-496F-9AE5-F7EBF80F036A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{170C8C54-B392-482B-9F23-9C228860FBE1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1CCD7AA4-B0C2-428B-A372-AFFF1E5E059D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{311D4DFF-1964-4149-8CDE-F7DA989823CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{397E7F37-6BA5-493E-B053-FE02E7844F1B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{450CBD0B-816F-4106-9EB5-1977F2968659}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5CC650F9-0B20-425B-A6BC-CA8778FAA934}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{65143E8F-41E8-4233-9510-EB3714628AE1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{71515D20-171F-4E86-912C-125B88F4B345}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8D57A384-9F1E-4C2A-ACC3-CC0382368005}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B0A23F26-669C-45D8-ADB8-1F4D985D00DF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B8C62B2F-6F39-4769-906B-582FC3B3ACD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BD957A4F-BA1D-4E60-8C1F-8568D71181B7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CC7D6AE0-EEBB-441F-8ECE-63F8F974063D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFB04593-8C8E-4C3D-877E-8EA94C0BE255}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F07E294F-C817-4161-9798-87265245EEA7}" = rport=2869 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BF250E-B80E-47E9-8D95-AC75A0DB66A0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1DC7653A-614F-457F-BC71-BC0B28290A25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{260965F7-DC2A-473A-87CD-4B8BB5A63B69}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29E666AF-2A82-4401-8633-3FB72FEC3A99}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2A2AEB15-0949-48BF-B739-6F2A2938D4F0}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{37AA4EEE-F69D-4A11-83C3-AEE785797E5E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{47C2EDB2-674B-48FC-999C-38260E4A2571}" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |
"{48CC86E9-7783-46BC-9A2B-45EB5D71F10D}" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |
"{6508ECC3-D78E-4A5D-B8EF-FD4E375B0F30}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{68785373-888A-485A-97D3-133C7A352D67}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{6E555262-445B-4AB9-B5E4-09DFAF397347}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{759CA9A0-E57A-4EC9-9CAD-510A176444E3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{932AAF37-DE4A-4343-BC0C-8B0F7CCA84F6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{94A6A708-8D34-4075-9B60-25485ABB4705}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B66AF5EC-F941-43A8-B21C-E1881A839036}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CDB55A2E-B884-48AA-9813-959975024403}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{06E68202-05AD-47BB-98A8-F12D3B24985C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{1DFD7C6E-33E5-45BD-B08E-55D720A6490F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{20AE0F50-EBD3-4618-AF7B-2DC8726B2079}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{272EC2EE-33E4-4036-909F-368D12AF36EA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{858A3433-1C59-4D9E-89A8-F93E29CA173E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8E0C5033-B28B-437B-8911-676411FCA7E3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{981E0A58-25A6-4A71-9D05-DA9C0B7A072A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{A61CAEDE-ED7A-4FA5-982C-5C36DEBEE68E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{AEF01DE3-C8EB-45F7-A975-C91C9A0E631A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{B623211E-D96A-4A1D-ACC5-A8B946449A0D}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{BCC61290-BC9D-45C1-8E45-8AFE68ABDAD2}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{E4DD02B6-35F2-45AC-A6F1-B20AF248FFC6}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{EB60AFD4-37BA-4704-880E-3F59BFFF2E3E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{F60A3D7D-1F10-4CD9-B688-E0443C00FB26}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FC32036E-01D4-4084-8927-F16DCF0E048E}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{01392A9D-02E5-4AE4-8F4F-31A37648D34C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{19298AB5-B819-45E1-9C56-343C438ED144}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3188EB50-F8F4-4DE0-9115-B563F46EA573}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{3A3CDE58-E432-4421-9FDA-351B12388A41}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{49065ACF-A1DE-47BD-9CD1-C3D7706FE99D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{8293C225-A4C3-43A2-91A8-EDDDC82E6FB1}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{8889C0A0-19FD-48F5-84FA-C275C4108737}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{8AA3325E-6B97-4584-AF7D-2798EA36B6CD}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8E5A5E82-6A11-407D-B54B-FC2E13A6D1D4}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{A3872F3A-39DD-4AFF-91F8-82CE46EE3855}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{CBA3C2E5-25EE-4E4A-A976-357519A48F30}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{CBE30CE5-0D22-4292-AF56-17A8105693EC}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{CF4CF07A-B9FC-48BC-AA99-346F5AC55733}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{EFA51997-3254-406D-AAF8-67F9FF38301C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F9FEF081-39B9-485E-95AA-CB9A9671F1BD}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 27
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2F04C9DA-94DA-4361-8B34-02CD8187861F}" = SystemDiagnostics
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.12
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{854C47D1-C2A0-4492-8655-C3F8D49C1031}" = Nero 8 Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{AD5A6099-D163-4DE9-9485-F2A210EE09B4}" = Langenscheidt Vokabeltrainer 4.0 Demoversion
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0194539-8118-4FD7-8ABA-912B2D479B48}" = Ulead Photo Explorer 6.0
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F58B763E-9FB9-4629-AF3C-CC9744BC4BA7}" = Fujitsu Siemens Computers Recovery
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP190 series Benutzerregistrierung" = Canon MP190 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.5
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular 11.5.0.4546" = ElsterFormular
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Pixum EasyBook" = Pixum EasyBook
"Poker Superstars II" = Poker Superstars II (remove only)
"RegClean Pro_is1" = RegClean Pro
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.0.3
"Trojan Remover_is1" = Trojan Remover 6.8.3
"TrojanHunter_is1" = TrojanHunter 5.5
"ucqemcq" = Favorit
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.09.2011 02:52:09 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.09.2011 02:52:09 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 145697977
 
Error - 05.09.2011 02:52:09 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 145697977
 
Error - 05.09.2011 02:52:10 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.09.2011 02:52:10 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 145698975
 
Error - 05.09.2011 02:52:10 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 145698975
 
Error - 05.09.2011 02:52:11 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.09.2011 02:52:11 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 145700176
 
Error - 05.09.2011 02:52:11 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 145700176
 
Error - 05.09.2011 04:26:25 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description =
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---


OTL.Txt:
OTL Logfile:
Code:

OTL logfile created on: 09.03.2012 09:28:12 - Run 2
OTL by OldTimer - Version 3.2.36.1    Folder = C:\Users\Martin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 84,76% Memory free
6,18 Gb Paging File | 5,91 Gb Available in Paging File | 95,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 35,17 Gb Free Space | 37,36% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 55,88 Gb Free Space | 28,63% Space Free | Partition Type: NTFS
Drive E: | 0,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Norman NJeeves) --  File not found
SRV - (AviraUpgradeService) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (RalinkRegistryWriter) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (OsdService) -- C:\Program Files\OEM\OSD_1.12\OsdService.exe (TODO: <公司名稱>)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBAAPL) --  File not found
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (IpInIp) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (GpdKbFilter) -- C:\Windows\System32\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (GpdDevDPort) -- C:\Windows\System32\directport.sys ()
DRV - (s716mdm) -- C:\Windows\System32\drivers\s716mdm.sys (MCCI Corporation)
DRV - (s716obex) -- C:\Windows\System32\drivers\s716obex.sys (MCCI Corporation)
DRV - (s716mdfl) -- C:\Windows\System32\drivers\s716mdfl.sys (MCCI Corporation)
DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\Windows\System32\drivers\s716bus.sys (MCCI Corporation)
DRV - (k750obex) -- C:\Windows\System32\drivers\k750obex.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120117101624874&tb_oid=17-01-2012&tb_mrud=17-01-2012
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Martin\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {08EF2EC7-48BA-4AB0-9529-C3A3A4A3021F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKCU\..\SearchScopes\{08EF2EC7-48BA-4AB0-9529-C3A3A4A3021F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=mSRsvz6jFP9h0TVyCw73QHO6YHc?q={searchTerms}
IE - HKCU\..\SearchScopes\{880DF7F5-F0D3-4051-B68C-5A2C2D315E4F}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{EB825AC3-D8CE-4F1E-8986-F095BB93D20B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120117101624874&tb_oid=17-01-2012&tb_mrud=17-01-2012
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AOL Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20120117101624874&tb_oid=31-12-2010&tb_mrud=17-01-2012&query="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.haz.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: 2020Player_IKEA@2020Technologies.com:5.0.7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20120117101624874&tb_oid=31-12-2010&tb_mrud=17-01-2012&query="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 13:17:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.19 18:44:50 | 000,000,000 | ---D | M]
 
[2010.06.02 08:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2012.01.25 19:57:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions
[2012.01.17 11:17:29 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.10.20 11:49:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.25 19:57:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.09.01 09:12:13 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.01.17 11:17:40 | 000,002,354 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\searchplugins\aol-web-search.xml
[2010.12.31 16:58:19 | 000,001,196 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\searchplugins\winamp-search.xml
[2012.01.02 20:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.15 21:17:11 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.17 13:17:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.08 13:25:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.08 13:25:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.08 13:25:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.08 13:25:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.08 13:25:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.08 13:25:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Extension = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [THGuard] C:\Program Files\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk = C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{164C6585-FAE0-4313-BBF0-B1704721EA6A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8668c964-4a5d-11df-9b88-00030da1c51a}\Shell - "" = AutoRun
O33 - MountPoints2\{8668c964-4a5d-11df-9b88-00030da1c51a}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.08 20:18:20 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.08 20:18:19 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.03.08 20:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.03.08 20:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.03.08 20:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.03.08 20:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.08 20:06:48 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Martin\Desktop\ccsetup316.exe
[2012.03.08 19:39:43 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012.03.08 18:16:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\TrojanHunter
[2012.03.08 16:05:16 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Systweak
[2012.03.08 16:05:13 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.03.08 16:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012.03.08 16:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2012.03.08 15:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
[2012.03.08 15:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter
[2012.03.08 15:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.5
[2012.03.08 15:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.03.08 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Simply Super Software
[2012.03.08 15:39:20 | 000,598,528 | ---- | C] (Igor Pavlov) -- C:\Windows\System32\ztv7z.dll
[2012.03.08 15:39:20 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2012.03.08 15:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.03.08 15:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.03.08 15:39:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Simply Super Software
[2012.03.08 15:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.03.04 21:18:11 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Bank
[2012.03.03 14:29:53 | 000,000,000 | ---D | C] -- C:\Users\Martin\Wgh
[2012.02.15 20:44:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.15 20:44:15 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.15 20:44:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.15 20:44:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.15 20:44:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.15 20:44:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.15 19:37:11 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.02.13 21:23:03 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Neuer Ordner
[2012.02.13 12:47:34 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira
[2012.02.13 11:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.13 11:41:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.13 11:41:06 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.13 11:41:06 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.13 11:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.13 11:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2 C:\Users\Martin\Documents\*.tmp files -> C:\Users\Martin\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.09 09:26:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.09 09:24:00 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E5B4FF3C-941E-437A-8FC3-EEC1EDA584BF}.job
[2012.03.09 09:20:40 | 001,587,316 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.09 09:20:40 | 000,893,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.09 09:20:40 | 000,438,518 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.09 09:20:40 | 000,389,220 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.09 09:17:41 | 000,111,182 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.03.09 09:17:41 | 000,111,182 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.03.09 09:17:17 | 000,002,447 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk
[2012.03.09 09:17:15 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.09 09:17:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.09 09:17:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.08 20:16:49 | 210,292,736 | ---- | M] () -- C:\Users\Martin\Desktop\KWU_1.0.3.upd.iso
[2012.03.08 20:12:21 | 074,761,776 | ---- | M] () -- C:\Users\Martin\Desktop\avast_free1426_antivirus_setup.exe
[2012.03.08 20:07:25 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.08 20:06:56 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Martin\Desktop\ccsetup316.exe
[2012.03.08 19:39:45 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012.03.08 19:37:36 | 000,001,356 | ---- | M] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat
[2012.03.08 18:21:44 | 000,001,791 | ---- | M] () -- C:\Users\Martin\Desktop\Avira DE-Cleaner.lnk
[2012.03.08 16:05:26 | 000,101,888 | ---- | M] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.08 16:05:26 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.03.08 16:05:21 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\RegClean Prosch.job
[2012.03.08 15:49:31 | 000,059,392 | R--- | M] () -- C:\Windows\System32\streamhlp.dll
[2012.03.08 14:55:11 | 007,367,726 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\SMRBackup162.dat
[2012.03.08 10:02:24 | 000,883,840 | ---- | M] () -- C:\Users\Martin\Desktop\Avira-DE-Cleaner.exe
[2012.03.07 23:54:27 | 000,000,902 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.03131854124746003.exe.lnk
[2012.03.07 23:51:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.07 21:37:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2012.03.07 13:27:27 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2012.03.07 01:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.07 01:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.03.05 21:26:06 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2012.03.02 13:12:06 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.24 16:43:10 | 000,017,280 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.02.15 22:23:10 | 000,370,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.15 20:09:07 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.13 11:41:24 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.13 09:45:04 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2 C:\Users\Martin\Documents\*.tmp files -> C:\Users\Martin\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.08 20:10:06 | 210,292,736 | ---- | C] () -- C:\Users\Martin\Desktop\KWU_1.0.3.upd.iso
[2012.03.08 20:09:22 | 074,761,776 | ---- | C] () -- C:\Users\Martin\Desktop\avast_free1426_antivirus_setup.exe
[2012.03.08 20:07:25 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.08 16:05:21 | 000,000,262 | ---- | C] () -- C:\Windows\tasks\RegClean Prosch.job
[2012.03.08 15:49:20 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2012.03.08 15:39:20 | 000,178,176 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll
[2012.03.08 15:39:20 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.03.08 15:39:20 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.03.08 15:39:20 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.03.08 15:39:19 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.03.08 14:54:53 | 007,367,726 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\SMRBackup162.dat
[2012.03.08 10:02:30 | 000,001,791 | ---- | C] () -- C:\Users\Martin\Desktop\Avira DE-Cleaner.lnk
[2012.03.08 10:02:23 | 000,883,840 | ---- | C] () -- C:\Users\Martin\Desktop\Avira-DE-Cleaner.exe
[2012.03.07 23:54:27 | 000,000,902 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.03131854124746003.exe.lnk
[2012.02.13 11:41:24 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.11 18:58:58 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011.11.04 08:24:10 | 000,000,008 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\20jg9pppa91ntrk0.dat
[2011.10.13 16:45:00 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.10.02 19:49:13 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.10.02 19:49:13 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.05.05 17:42:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.30 09:09:27 | 000,000,016 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\hngmfc.dat
[2010.08.03 14:30:39 | 000,000,020 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\bawuho.dat
[2010.08.03 14:30:30 | 000,000,008 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\avdrn.dat
[2010.05.26 16:37:13 | 000,000,004 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\ovczpx.dat
[2010.05.14 16:18:47 | 000,000,016 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\qvjsge.dat

< End of report >

--- --- ---

Chris4You 09.03.2012 10:36

Hi,

Hmm, seems to be something new. Is the log from the infected account?

OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk = C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe ()
[2011.11.04 08:24:10 | 000,000,008 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\20jg9pppa91ntrk0.dat
[2010.08.30 09:09:27 | 000,000,016 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\hngmfc.dat
[2010.08.03 14:30:39 | 000,000,020 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\bawuho.dat
[2010.08.03 14:30:30 | 000,000,008 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\avdrn.dat
[2010.05.26 16:37:13 | 000,000,004 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\ovczpx.dat
[2010.05.14 16:18:47 | 000,000,016 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\qvjsge.dat

:Commands
[purity]
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of an OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version via this link:
http://filepony.de/download-chameleon/
Then please update the signature files ("Updates" tab -> "Check for updates").
Full scan and let it clean everything! Post the log.

chris

pc-idiot 09.03.2012 10:49

I can't carry out your new instruction, because the PC wants to restart after I have clicked Run Fix. After the restart everything is gone, of course ... what should I do ..

Chris4You 09.03.2012 11:29

Hi,

look for the logs in the folder C:\_OTL... and then post them... run mam afterwards...

chris

pc-idiot 09.03.2012 11:42

I didn't choose my nickname by accident.

I hope I understood this correctly, so:

When I click on the folder "_OTL" on drive "C", a subfolder "moved files" appears there. It contains two text documents. Do you want these? I'm posting them below:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk moved successfully.
C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe moved successfully.
C:\Users\Martin\AppData\Roaming\20jg9pppa91ntrk0.dat moved successfully.
C:\Users\Martin\AppData\Roaming\hngmfc.dat moved successfully.
C:\Users\Martin\AppData\Roaming\bawuho.dat moved successfully.
C:\Users\Martin\AppData\Roaming\avdrn.dat moved successfully.
C:\Users\Martin\AppData\Roaming\ovczpx.dat moved successfully.
C:\Users\Martin\AppData\Roaming\qvjsge.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Martin
->Temp folder emptied: 3213 bytes
->Temporary Internet Files folder emptied: 2211161 bytes
->Java cache emptied: 30975506 bytes
->FireFox cache emptied: 120169372 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 864 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7207818 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 153,00 mb


OTL by OldTimer - Version 3.2.36.1 log created on 03092012_104004

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File move failed. C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk scheduled to be moved on reboot.
File C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe not found.
File C:\Users\Martin\AppData\Roaming\20jg9pppa91ntrk0.dat not found.
File C:\Users\Martin\AppData\Roaming\hngmfc.dat not found.
File C:\Users\Martin\AppData\Roaming\bawuho.dat not found.
File C:\Users\Martin\AppData\Roaming\avdrn.dat not found.
File C:\Users\Martin\AppData\Roaming\ovczpx.dat not found.
File C:\Users\Martin\AppData\Roaming\qvjsge.dat not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Martin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3252584 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8004679 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 11,00 mb


OTL by OldTimer - Version 3.2.36.1 log created on 03092012_105010

pc-idiot 09.03.2012 11:44

what do you mean by "then run MAM"??? I don't understand

Chris4You 09.03.2012 14:13

Hi,

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version from here:
http://filepony.de/download-chameleon/
After that, please update the signature files (tab "Aktualisierungen" (Updates) -> "Suche nach Aktualisierungen" (Check for updates))
Run a full scan and let it clean everything! Post the log.

chris

pc-idiot 09.03.2012 15:35

unfortunately neither of them works.

either I get "auf den windows installationsdienst kann nicht zugegriffen werden" (the Windows Installer service could not be accessed) or

"an error occurred. please report the following error code to the malwarebytes - error code 732 (o,o)"

pc-idiot 09.03.2012 20:50

can nobody else help me? chris, where are you?

Chris4You 09.03.2012 23:37

Hi,

follow the link (Protection Module Errors - Malwarebytes Forum), and there the following post:

For Windows Vista and Windows 7:

Click on the Start button and select Control Panel
Click on Programs and Features
Uninstall Malwarebytes' Anti-Malware
Restart your computer very important
Download and run mbam-clean.exe from here http://www.malwarebytes.org/mbam-clean.exe
It will ask to restart your computer, please allow it to do so very important
After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here Malwarebytes Anti-Malware - Download.com. Remember to enable your Anti-Virus after installation.

If that doesn't help, do the following:
Reinstall the Windows Installer:
Uninstall and reinstall Windows Installer - msiexec.exe [Updated]

Create a new OTL log and post it here...

chris

pc-idiot 10.03.2012 10:21

Sorry Chris, I think it's great that you're helping me and investing time in this, but I already said that I'm a PC IDIOT and don't understand all of this.

We started with me downloading some OTL program without even knowing what this program does. Then I posted two text files here. What did they show?

Now I'm supposed to click on a link and follow the post "For Windows Vista and Windows 7" there. But where on earth is there a post "For Windows Vista and Windows 7" ??????????????????????????

Chris4You 10.03.2012 11:47

Hello,

those who can scroll clearly have an advantage...

So once more:

Download the cleaner from here and run it:
http://www.malwarebytes.org/mbam-clean.exe

Once it has run, you will be asked whether the computer should be restarted; be sure to let it do so.

Then download and install MAM again: Malwarebytes Anti-Malware - Download.com.

If that doesn't work, the Windows Installer has to be reinstalled as follows...

Uninstall and reinstall Windows Installer - msiexec.exe
Uninstall and reinstall Windows Installer - msiexec.exe [Updated]

After that, create a new OTL log and post it here...

chris

pc-idiot 10.03.2012 21:15

ok, I'll try ... do I do all of this in safe mode?

what about after the restart? after the restart do I go back into safe mode or boot normally?

pc-idiot 10.03.2012 21:25

one more question ... once I've downloaded MAM again, should I also run a scan with the MAM program? and if so, which one? the quick or the full scan?

Chris4You 10.03.2012 21:42

Hi,

Run MAM with a full scan in safe mode...
Post the log...

chris

pc-idiot 10.03.2012 22:40

ok, MAM found 24 infected objects. should they be removed, or what should I do with them?

and then run OTL again and post the "Extras" and the "OTL" file? did I understand that correctly?

Chris4You 10.03.2012 22:46

Hi,

please post the MAM result here...
Then further steps may follow...

chris

pc-idiot 10.03.2012 22:47

or do you mean the MAM log?

this is what it says after the scan and BEFORE deleting the infected programs:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.03.10.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [Administrator]

Schutz: Deaktiviert

10.03.2012 21:43:07
mbam-log-2012-03-10 (22-42-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 345876
Laufzeit: 53 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\OOO (Malware.Trace) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\OOO (Rogue.LivePlayer) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 6
C:\Users\Martin\AppData\Roaming\PCenter (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\dbases (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\keys (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\temp (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\wedfwefeee.exe (Trojan.SpyEyes) -> Keine Aktion durchgeführt.
C:\Recycle.Bin (Trojan.Spyeyes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 15
C:\Users\Martin\AppData\Local\Temp\0.03131854124746003.exe (Spyware.Zbot.ES) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.03131854124746003.exe.lnk (Backdoor.Agent) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\dbases\cg.dat (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\dbases\mw.dat (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\dbases\rd.dat (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\dbases\sc.dat (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\dbases\sm.dat (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\dbases\sp.dat (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\keys\cg.key (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\keys\rd.key (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\keys\sc.key (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\keys\sp.key (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\temp\settings.ini (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\temp\spfilter (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\wedfwefeee.exe\config.bin (Trojan.SpyEyes) -> Keine Aktion durchgeführt.

(Ende)

Chris4You 10.03.2012 22:53

Hi,

let it delete everything...
SpyEyes and a backdoor; really you should reinstall the system from scratch...
From a clean computer, change all your passwords on the Internet (e.g. eBay, Amazon etc.)...

After MAM has rebooted the computer, post a new OGL log and let Cureit / Dr. Web run overnight...

Cureit
Follow the instructions: http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan has finished you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log.
Before you take any action, please copy the contents of the log and post it.
The log file is very large, roughly over 5 MB of text. Just use the search for "infiziert" (infected) and copy out the relevant parts before you post them.

chris
PS: I'm offline now, until tomorrow...

pc-idiot 10.03.2012 23:46

well, in the end you have to judge whether this makes sense - I have no idea. if you think reinstalling is better, then I'll have to do that, although I have absolutely no idea how that works either.

I don't understand the following sentence, please explain it again:

"After MAM has rebooted the computer, post a new OGL log ..."

I'll take care of "Cureit" first for now. What is that good for?

Chris4You 11.03.2012 10:47

Hi,

I meant post a new OTL log...

Cureit is a different scanner, each one has its weaknesses/strengths... What MAM misses, Cureit usually finds...

Post the logs from Cureit & OTL...

chris

pc-idiot 11.03.2012 13:51

hello ... the dr.web-cureIT scan is finally done. it found quite a few viruses. what should I do with them now? disinfect or delete or what?

and how am I supposed to post the contents of the log? the dr. web scanner won't let me access anything. I would first have to close the dr. web application before I can access any functions again. so I also don't know whether I should delete the viruses now or not. I won't do anything for now and will wait for your answer.

pc-idiot 11.03.2012 18:41

So, I did click on "delete" after all ... but I have the feeling that not all of the files that were reported as infected could be deleted and that the dr.-web application somehow froze.

there are 5 files in the quarantine folder.

in the text file "cureIT" I searched for the word "infiziert" (infected) and am posting all lines containing the word infiziert below:


Scanstatistiken
-----------------------------------------------------------------------------
Gescannt: 93471
Infiziert: 0

Desinfiziert: 0

Scanstatistiken
-----------------------------------------------------------------------------
Gescannt: 1126
Infiziert: 0

Scanstatistiken
-----------------------------------------------------------------------------
Gescannt: 1126
Infiziert: 0
Modifikationen: 0
Verdächtig: 0
Adware: 0
Dialer: 0
Scherzprogramme: 0
Riskware: 0
Hacktools: 0
Desinfiziert: 0


>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\034362c7.qua/data001 - infiziert mit Trojan.Click1.59251

>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\034362c7.qua - Archiv enthält infizierte Objekte - verschoben

>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\498b11f3.qua/data001 - infiziert mit Trojan.Click1.59251

>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\498b11f3.qua - Archiv enthält infizierte Objekte - verschoben

>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\511c3638.qua/data001 - infiziert mit Trojan.Click1.59251

>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\511c3638.qua - Archiv enthält infizierte Objekte - verschoben

C:\Documents and Settings\Martin\Anwendungsdaten\Mozilla\Firefox\Profiles\i7r22a7o.default\Yahoo! Inc\ytoolbar\default\cachesection wahrscheinlich infiziert mit SCRIPT.Virus

C:\Documents and Settings\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\Yahoo! Inc\ytoolbar\default\cachesection wahrscheinlich infiziert mit SCRIPT.Virus

C:\Documents and Settings\Martin\Desktop\OTL.exe infiziert mit Trojan.Siggen3.52699 - nicht desinfizierbar - verschoben

>>>>C:\Documents and Settings\Martin\DoctorWeb\Quarantine\034362c7.qua/data001 - infiziert mit Trojan.Click1.59251

>>C:\Documents and Settings\Martin\DoctorWeb\Quarantine\034362c7.qua - Archiv enthält infizierte Objekte - verschoben

>>>>C:\Documents and Settings\Martin\DoctorWeb\Quarantine\498b11f3.qua/data001 - infiziert mit Trojan.Click1.59251

>>C:\Documents and Settings\Martin\DoctorWeb\Quarantine\498b11f3.qua - Archiv enthält infizierte Objekte - verschoben

>>>>C:\Documents and Settings\Martin\DoctorWeb\Quarantine\511c3638.qua/data001 - infiziert mit Trojan.Click1.59251

>>C:\Documents and Settings\Martin\DoctorWeb\Quarantine\511c3638.qua - Archiv enthält infizierte Objekte - verschoben

C:\Documents and Settings\Martin\DoctorWeb\Quarantine\OTL.exe infiziert mit Trojan.Siggen3.52699 - nicht desinfizierbar - verschoben

C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\Yahoo! Inc\ytoolbar\default\cachesection wahrscheinlich infiziert mit SCRIPT.Virus


Scanstatistiken
-----------------------------------------------------------------------------
Gescannt: 606433
Infiziert: 8


Scanstatistiken
-----------------------------------------------------------------------------
Gescannt: 606433
Infiziert: 8
Modifikationen: 0
Verdächtig: 3
Adware: 2
Dialer: 0
Scherzprogramme: 0
Riskware: 2
Hacktools: 0
Desinfiziert: 0


Gesamtsitzungsstatistik
=============================================================================
Gescannt: 701032
Infiziert: 8
Modifikationen: 0
Verdächtig: 3
Adware: 2
Dialer: 0
Scherzprogramme: 0
Riskware: 2
Hacktools: 0
Desinfiziert: 0
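
An added example (not part of the thread): one way to condense the "infiziert" lines of a CureIt extract like the one above, merging the same file reported under several path aliases and skipping the scanner's own quarantine copies. The alias table is an assumption based on the default Vista compatibility junctions (Documents and Settings -> Users, Anwendungsdaten -> AppData\Roaming, All Users\Anwendungsdaten -> ProgramData); the function names are hypothetical and the sample lines are taken from the post.

```python
import re
from collections import OrderedDict

# Sample input: a subset of the lines from the CureIt extract posted above.
SAMPLE = r"""
>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\034362c7.qua/data001 - infiziert mit Trojan.Click1.59251
>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\034362c7.qua - Archiv enthält infizierte Objekte - verschoben
C:\Documents and Settings\Martin\Anwendungsdaten\Mozilla\Firefox\Profiles\i7r22a7o.default\Yahoo! Inc\ytoolbar\default\cachesection wahrscheinlich infiziert mit SCRIPT.Virus
C:\Documents and Settings\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\Yahoo! Inc\ytoolbar\default\cachesection wahrscheinlich infiziert mit SCRIPT.Virus
C:\Documents and Settings\Martin\Desktop\OTL.exe infiziert mit Trojan.Siggen3.52699 - nicht desinfizierbar - verschoben
>>>>C:\Documents and Settings\Martin\DoctorWeb\Quarantine\034362c7.qua/data001 - infiziert mit Trojan.Click1.59251
>>C:\Documents and Settings\Martin\DoctorWeb\Quarantine\034362c7.qua - Archiv enthält infizierte Objekte - verschoben
C:\Documents and Settings\Martin\DoctorWeb\Quarantine\OTL.exe infiziert mit Trojan.Siggen3.52699 - nicht desinfizierbar - verschoben
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\Yahoo! Inc\ytoolbar\default\cachesection wahrscheinlich infiziert mit SCRIPT.Virus
Infiziert: 8
"""

# "<path>[ - ][wahrscheinlich ]infiziert mit <name>[ - action ...]"
FINDING = re.compile(
    r"^(?P<depth>>*)(?P<path>[A-Za-z]:\\.+?)"
    r"(?:\s+-\s+|\s+)(?P<certainty>wahrscheinlich )?infiziert mit (?P<name>\S+)"
    r"(?P<rest>.*)$"
)
# Summary line for a container whose members were reported separately.
ARCHIVE = re.compile(
    r"^>*(?P<path>[A-Za-z]:\\.+?) - Archiv enthält infizierte Objekte(?P<rest>.*)$"
)

# Assumption: default Vista junctions, applied in this order on lower-cased paths.
ALIASES = [
    (r"c:\documents and settings\all users\anwendungsdaten", r"c:\programdata"),
    (r"c:\documents and settings", r"c:\users"),
    (r"\anwendungsdaten", r"\appdata\roaming"),
]
QUARANTINE = "\\doctorweb\\quarantine\\"


def canonical(path):
    """Lower-case a path and fold the junction aliases into one spelling."""
    p = path.lower()
    for old, new in ALIASES:
        p = p.replace(old, new)
    return p


def parse(text):
    """Return one dict per 'infiziert mit' line; stats and archive lines are skipped."""
    findings, moved_archives = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        a = ARCHIVE.match(line)
        if a:
            if "verschoben" in a.group("rest"):
                moved_archives.add(canonical(a.group("path")))
            continue
        m = FINDING.match(line)
        if not m:
            continue
        container, _, member = m.group("path").partition("/")
        findings.append({
            "depth": len(m.group("depth")) // 2,      # archive nesting level
            "file": canonical(container),
            "member": member or None,                  # e.g. data001 inside a .qua
            "name": m.group("name"),
            "certain": m.group("certainty") is None,   # False for "wahrscheinlich"
            "moved": "verschoben" in m.group("rest"),
            "in_quarantine": QUARANTINE in canonical(container),
        })
    # A member counts as moved when its containing archive was moved.
    for f in findings:
        f["moved"] = f["moved"] or f["file"] in moved_archives
    return findings


def unique_findings(findings):
    """Merge alias duplicates and drop the scanner's own quarantine copies."""
    merged = OrderedDict()
    for f in findings:
        if f["in_quarantine"]:
            continue
        key = (f["file"], f["member"], f["name"])
        entry = merged.setdefault(key, dict(f, seen=0))
        entry["seen"] += 1
        entry["moved"] = entry["moved"] or f["moved"]
    return list(merged.values())


if __name__ == "__main__":
    for u in unique_findings(parse(SAMPLE)):
        status = "moved" if u["moved"] else "still in place"
        level = "detected" if u["certain"] else "suspected"
        print(f'{u["name"]:<22} {level:<9} x{u["seen"]} {status:<14} {u["file"]}')
```

Entries that come out as "still in place" are the ones to re-check in the next scan log.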

pc-idiot 11.03.2012 18:44

Did I do that right so far? What's next? You still need a new OTL log now?!

Chris4You 11.03.2012 19:50

Hi,

post a new OTL log... What Dr.Web/Cureit found was nothing "that interesting"...

chris

pc-idiot 11.03.2012 20:22

ok. see OTL:
OTL Logfile:
Code:

OTL logfile created on: 11.03.2012 19:59:27 - Run 4
OTL by OldTimer - Version 3.2.36.3    Folder = C:\Users\Martin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 72,87% Memory free
6,19 Gb Paging File | 5,34 Gb Available in Paging File | 86,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 33,34 Gb Free Space | 35,40% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 55,64 Gb Free Space | 28,51% Space Free | Partition Type: NTFS
Drive E: | 0,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Norman NJeeves) --  File not found
SRV - (AviraUpgradeService) --  File not found
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (RalinkRegistryWriter) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (OsdService) -- C:\Program Files\OEM\OSD_1.12\OsdService.exe (TODO: <公司名稱>)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBAAPL) --  File not found
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (IpInIp) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (GpdKbFilter) -- C:\Windows\System32\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (GpdDevDPort) -- C:\Windows\System32\directport.sys ()
DRV - (s716mdm) -- C:\Windows\System32\drivers\s716mdm.sys (MCCI Corporation)
DRV - (s716obex) -- C:\Windows\System32\drivers\s716obex.sys (MCCI Corporation)
DRV - (s716mdfl) -- C:\Windows\System32\drivers\s716mdfl.sys (MCCI Corporation)
DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\Windows\System32\drivers\s716bus.sys (MCCI Corporation)
DRV - (k750obex) -- C:\Windows\System32\drivers\k750obex.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120117101624874&tb_oid=17-01-2012&tb_mrud=17-01-2012
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Martin\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {08EF2EC7-48BA-4AB0-9529-C3A3A4A3021F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKCU\..\SearchScopes\{08EF2EC7-48BA-4AB0-9529-C3A3A4A3021F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=mSRsvz6jFP9h0TVyCw73QHO6YHc?q={searchTerms}
IE - HKCU\..\SearchScopes\{880DF7F5-F0D3-4051-B68C-5A2C2D315E4F}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{EB825AC3-D8CE-4F1E-8986-F095BB93D20B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120117101624874&tb_oid=17-01-2012&tb_mrud=17-01-2012
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AOL Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20120117101624874&tb_oid=31-12-2010&tb_mrud=17-01-2012&query="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.haz.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: 2020Player_IKEA@2020Technologies.com:5.0.7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20120117101624874&tb_oid=31-12-2010&tb_mrud=17-01-2012&query="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 13:17:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.19 18:44:50 | 000,000,000 | ---D | M]
 
[2010.06.02 08:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2012.03.09 22:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions
[2012.01.17 11:17:29 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.10.20 11:49:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.25 19:57:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.09 22:37:47 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2011.09.01 09:12:13 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.01.17 11:17:40 | 000,002,354 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\searchplugins\aol-web-search.xml
[2010.12.31 16:58:19 | 000,001,196 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\searchplugins\winamp-search.xml
[2012.01.02 20:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.15 21:17:11 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.17 13:17:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.08 13:25:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.08 13:25:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.08 13:25:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.08 13:25:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.08 13:25:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.08 13:25:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Extension = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.3\PriceGongIE.dll (PriceGong)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [THGuard] C:\Program Files\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{164C6585-FAE0-4313-BBF0-B1704721EA6A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8668c964-4a5d-11df-9b88-00030da1c51a}\Shell - "" = AutoRun
O33 - MountPoints2\{8668c964-4a5d-11df-9b88-00030da1c51a}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.11 19:53:39 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012.03.10 23:52:39 | 000,000,000 | ---D | C] -- C:\Users\Martin\DoctorWeb
[2012.03.10 21:23:06 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2012.03.10 21:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.10 21:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.10 21:23:02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.10 21:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.10 21:21:07 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Martin\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.10 21:16:07 | 000,066,896 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Martin\Desktop\mbam-clean.exe
[2012.03.09 22:45:09 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.03.09 22:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
[2012.03.09 22:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
[2012.03.09 22:37:42 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012.03.09 22:37:21 | 009,221,696 | ---- | C] (McAfee Inc.) -- C:\Users\Martin\Desktop\stinger-10.2.0.530.exe
[2012.03.09 22:12:47 | 045,106,984 | ---- | C] (Mischel Internet Security                                  ) -- C:\Users\Martin\Desktop\TrojanHunter55Setup.exe
[2012.03.09 21:06:56 | 002,805,464 | ---- | C] (Symantec Corporation) -- C:\Users\Martin\Desktop\NPE25.exe
[2012.03.09 15:48:22 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.03.09 15:48:22 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.03.09 15:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.03.09 15:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012.03.09 15:29:31 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\mbam-installer
[2012.03.09 15:25:34 | 033,205,152 | ---- | C] (TuneUp Software) -- C:\Users\Martin\Desktop\TuneUpUtilities2012_de-DE.exe
[2012.03.09 10:40:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.08 20:18:20 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.08 20:18:19 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.03.08 20:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.03.08 20:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.03.08 20:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.03.08 20:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.08 20:06:48 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Martin\Desktop\ccsetup316.exe
[2012.03.08 18:16:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\TrojanHunter
[2012.03.08 16:05:16 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Systweak
[2012.03.08 16:05:13 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.03.08 16:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012.03.08 16:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2012.03.08 15:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
[2012.03.08 15:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter
[2012.03.08 15:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.5
[2012.03.08 15:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.03.08 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Simply Super Software
[2012.03.08 15:39:20 | 000,598,528 | ---- | C] (Igor Pavlov) -- C:\Windows\System32\ztv7z.dll
[2012.03.08 15:39:20 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2012.03.08 15:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.03.08 15:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.03.08 15:39:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Simply Super Software
[2012.03.08 15:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.03.04 21:18:11 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Bank
[2012.03.03 14:29:53 | 000,000,000 | ---D | C] -- C:\Users\Martin\Wgh
[2012.02.15 20:44:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.15 20:44:15 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.15 20:44:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.15 20:44:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.15 20:44:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.15 20:44:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.15 19:37:11 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.02.13 21:23:03 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Neuer Ordner
[2012.02.13 12:47:34 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira
[2012.02.13 11:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.13 11:41:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.13 11:41:06 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.13 11:41:06 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.13 11:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.13 11:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2 C:\Users\Martin\Documents\*.tmp files -> C:\Users\Martin\Documents\*.tmp -> ]
[1 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.11 19:53:39 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012.03.11 00:49:51 | 081,316,632 | ---- | M] () -- C:\Users\Martin\Desktop\rq28mjjk.exe
[2012.03.11 00:36:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.10 23:49:49 | 081,312,088 | ---- | M] () -- C:\Users\Martin\Desktop\drweb-cureit.exe
[2012.03.10 23:37:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.10 23:37:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.10 23:37:18 | 000,111,182 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.03.10 21:23:03 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.10 21:21:10 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Martin\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.10 21:17:20 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.10 21:17:20 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E5B4FF3C-941E-437A-8FC3-EEC1EDA584BF}.job
[2012.03.10 21:16:08 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Martin\Desktop\mbam-clean.exe
[2012.03.09 22:45:09 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.03.09 22:37:38 | 009,221,696 | ---- | M] (McAfee Inc.) -- C:\Users\Martin\Desktop\stinger-10.2.0.530.exe
[2012.03.09 22:15:20 | 000,000,780 | ---- | M] () -- C:\Users\Martin\Desktop\TrojanHunter.lnk
[2012.03.09 22:14:59 | 000,111,182 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.03.09 22:13:51 | 045,106,984 | ---- | M] (Mischel Internet Security                                  ) -- C:\Users\Martin\Desktop\TrojanHunter55Setup.exe
[2012.03.09 21:57:12 | 001,634,086 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.09 21:57:12 | 000,907,720 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.09 21:57:12 | 000,403,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.09 21:57:11 | 000,453,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.09 21:51:37 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.09 21:37:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2012.03.09 21:06:56 | 002,805,464 | ---- | M] (Symantec Corporation) -- C:\Users\Martin\Desktop\NPE25.exe
[2012.03.09 15:48:18 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.03.09 15:48:18 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.03.09 15:29:26 | 001,035,136 | ---- | M] () -- C:\Users\Martin\Desktop\HT42C7ZkG.exe
[2012.03.09 15:26:18 | 033,205,152 | ---- | M] (TuneUp Software) -- C:\Users\Martin\Desktop\TuneUpUtilities2012_de-DE.exe
[2012.03.08 20:16:49 | 210,292,736 | ---- | M] () -- C:\Users\Martin\Desktop\KWU_1.0.3.upd.iso
[2012.03.08 20:12:21 | 074,761,776 | ---- | M] () -- C:\Users\Martin\Desktop\avast_free1426_antivirus_setup.exe
[2012.03.08 20:07:25 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.08 20:06:56 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Martin\Desktop\ccsetup316.exe
[2012.03.08 19:37:36 | 000,001,356 | ---- | M] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat
[2012.03.08 18:21:44 | 000,001,791 | ---- | M] () -- C:\Users\Martin\Desktop\Avira DE-Cleaner.lnk
[2012.03.08 16:05:26 | 000,101,888 | ---- | M] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.08 16:05:26 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.03.08 16:05:21 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\RegClean Prosch.job
[2012.03.08 15:49:31 | 000,059,392 | R--- | M] () -- C:\Windows\System32\streamhlp.dll
[2012.03.08 14:55:11 | 007,367,726 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\SMRBackup162.dat
[2012.03.08 10:02:24 | 000,883,840 | ---- | M] () -- C:\Users\Martin\Desktop\Avira-DE-Cleaner.exe
[2012.03.07 13:27:27 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2012.03.07 01:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.07 01:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.03.05 21:26:06 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2012.03.02 13:12:06 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.24 16:43:10 | 000,017,280 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.02.15 22:23:10 | 000,370,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.15 20:09:07 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.13 11:41:24 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.13 09:45:04 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2 C:\Users\Martin\Documents\*.tmp files -> C:\Users\Martin\Documents\*.tmp -> ]
[1 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.11 00:48:01 | 081,316,632 | ---- | C] () -- C:\Users\Martin\Desktop\rq28mjjk.exe
[2012.03.10 23:47:35 | 081,312,088 | ---- | C] () -- C:\Users\Martin\Desktop\drweb-cureit.exe
[2012.03.10 21:23:03 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.09 22:15:20 | 000,000,780 | ---- | C] () -- C:\Users\Martin\Desktop\TrojanHunter.lnk
[2012.03.09 15:48:18 | 000,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.03.09 15:48:18 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.03.09 15:48:18 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.03.09 15:29:24 | 001,035,136 | ---- | C] () -- C:\Users\Martin\Desktop\HT42C7ZkG.exe
[2012.03.08 20:10:06 | 210,292,736 | ---- | C] () -- C:\Users\Martin\Desktop\KWU_1.0.3.upd.iso
[2012.03.08 20:09:22 | 074,761,776 | ---- | C] () -- C:\Users\Martin\Desktop\avast_free1426_antivirus_setup.exe
[2012.03.08 20:07:25 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.08 16:05:21 | 000,000,262 | ---- | C] () -- C:\Windows\tasks\RegClean Prosch.job
[2012.03.08 15:49:20 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2012.03.08 15:39:20 | 000,178,176 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll
[2012.03.08 15:39:20 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.03.08 15:39:20 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.03.08 15:39:20 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.03.08 15:39:19 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.03.08 14:54:53 | 007,367,726 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\SMRBackup162.dat
[2012.03.08 10:02:30 | 000,001,791 | ---- | C] () -- C:\Users\Martin\Desktop\Avira DE-Cleaner.lnk
[2012.03.08 10:02:23 | 000,883,840 | ---- | C] () -- C:\Users\Martin\Desktop\Avira-DE-Cleaner.exe
[2012.02.13 11:41:24 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.11 18:58:58 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011.10.13 16:45:00 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.10.02 19:49:13 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.10.02 19:49:13 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.05.05 17:42:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

--- --- ---

pc-idiot 11.03.2012 20:23

and the Extras: OTL EXTRAS logfile:
Code:

OTL Extras logfile created on: 11.03.2012 19:59:27 - Run 4
OTL by OldTimer - Version 3.2.36.3    Folder = C:\Users\Martin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 72,87% Memory free
6,19 Gb Paging File | 5,34 Gb Available in Paging File | 86,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 33,34 Gb Free Space | 35,40% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 55,64 Gb Free Space | 28,51% Space Free | Partition Type: NTFS
Drive E: | 0,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum EasyBook\Fotoschau.exe" -d "%1" ()
Directory [Pixum EasyBook] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BE16C2-7F81-496F-9AE5-F7EBF80F036A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{170C8C54-B392-482B-9F23-9C228860FBE1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1CCD7AA4-B0C2-428B-A372-AFFF1E5E059D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{311D4DFF-1964-4149-8CDE-F7DA989823CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{397E7F37-6BA5-493E-B053-FE02E7844F1B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{450CBD0B-816F-4106-9EB5-1977F2968659}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5CC650F9-0B20-425B-A6BC-CA8778FAA934}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{65143E8F-41E8-4233-9510-EB3714628AE1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{71515D20-171F-4E86-912C-125B88F4B345}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8D57A384-9F1E-4C2A-ACC3-CC0382368005}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B0A23F26-669C-45D8-ADB8-1F4D985D00DF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B8C62B2F-6F39-4769-906B-582FC3B3ACD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BD957A4F-BA1D-4E60-8C1F-8568D71181B7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CC7D6AE0-EEBB-441F-8ECE-63F8F974063D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFB04593-8C8E-4C3D-877E-8EA94C0BE255}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F07E294F-C817-4161-9798-87265245EEA7}" = rport=2869 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BF250E-B80E-47E9-8D95-AC75A0DB66A0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1DC7653A-614F-457F-BC71-BC0B28290A25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{260965F7-DC2A-473A-87CD-4B8BB5A63B69}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29E666AF-2A82-4401-8633-3FB72FEC3A99}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2A2AEB15-0949-48BF-B739-6F2A2938D4F0}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{37AA4EEE-F69D-4A11-83C3-AEE785797E5E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{47C2EDB2-674B-48FC-999C-38260E4A2571}" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |
"{48CC86E9-7783-46BC-9A2B-45EB5D71F10D}" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |
"{6508ECC3-D78E-4A5D-B8EF-FD4E375B0F30}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{68785373-888A-485A-97D3-133C7A352D67}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{6E555262-445B-4AB9-B5E4-09DFAF397347}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{759CA9A0-E57A-4EC9-9CAD-510A176444E3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{932AAF37-DE4A-4343-BC0C-8B0F7CCA84F6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{94A6A708-8D34-4075-9B60-25485ABB4705}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B66AF5EC-F941-43A8-B21C-E1881A839036}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CDB55A2E-B884-48AA-9813-959975024403}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{06E68202-05AD-47BB-98A8-F12D3B24985C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{1DFD7C6E-33E5-45BD-B08E-55D720A6490F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{20AE0F50-EBD3-4618-AF7B-2DC8726B2079}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{272EC2EE-33E4-4036-909F-368D12AF36EA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{858A3433-1C59-4D9E-89A8-F93E29CA173E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8E0C5033-B28B-437B-8911-676411FCA7E3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{981E0A58-25A6-4A71-9D05-DA9C0B7A072A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{A61CAEDE-ED7A-4FA5-982C-5C36DEBEE68E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{AEF01DE3-C8EB-45F7-A975-C91C9A0E631A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{B623211E-D96A-4A1D-ACC5-A8B946449A0D}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{BCC61290-BC9D-45C1-8E45-8AFE68ABDAD2}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{E4DD02B6-35F2-45AC-A6F1-B20AF248FFC6}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{EB60AFD4-37BA-4704-880E-3F59BFFF2E3E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{F60A3D7D-1F10-4CD9-B688-E0443C00FB26}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FC32036E-01D4-4084-8927-F16DCF0E048E}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{01392A9D-02E5-4AE4-8F4F-31A37648D34C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{19298AB5-B819-45E1-9C56-343C438ED144}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3188EB50-F8F4-4DE0-9115-B563F46EA573}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{3A3CDE58-E432-4421-9FDA-351B12388A41}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{49065ACF-A1DE-47BD-9CD1-C3D7706FE99D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{8293C225-A4C3-43A2-91A8-EDDDC82E6FB1}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{8889C0A0-19FD-48F5-84FA-C275C4108737}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{8AA3325E-6B97-4584-AF7D-2798EA36B6CD}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8E5A5E82-6A11-407D-B54B-FC2E13A6D1D4}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{A3872F3A-39DD-4AFF-91F8-82CE46EE3855}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{CBA3C2E5-25EE-4E4A-A976-357519A48F30}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{CBE30CE5-0D22-4292-AF56-17A8105693EC}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{CF4CF07A-B9FC-48BC-AA99-346F5AC55733}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{EFA51997-3254-406D-AAF8-67F9FF38301C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F9FEF081-39B9-485E-95AA-CB9A9671F1BD}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 27
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2F04C9DA-94DA-4361-8B34-02CD8187861F}" = SystemDiagnostics
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.12
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{854C47D1-C2A0-4492-8655-C3F8D49C1031}" = Nero 8 Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{AD5A6099-D163-4DE9-9485-F2A210EE09B4}" = Langenscheidt Vokabeltrainer 4.0 Demoversion
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0194539-8118-4FD7-8ABA-912B2D479B48}" = Ulead Photo Explorer 6.0
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F58B763E-9FB9-4629-AF3C-CC9744BC4BA7}" = Fujitsu Siemens Computers Recovery
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP190 series Benutzerregistrierung" = Canon MP190 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.5
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular 11.5.0.4546" = ElsterFormular
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Pixum EasyBook" = Pixum EasyBook
"Poker Superstars II" = Poker Superstars II (remove only)
"PriceGong" = PriceGong 2.6.3
"RegClean Pro_is1" = RegClean Pro
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.0.3
"Trojan Remover_is1" = Trojan Remover 6.8.3
"TrojanHunter_is1" = TrojanHunter 5.5
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"ucqemcq" = Favorit
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.09.2011 02:52:09 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.09.2011 02:52:09 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 145697977
 
Error - 05.09.2011 02:52:09 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 145697977
 
Error - 05.09.2011 02:52:10 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.09.2011 02:52:10 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 145698975
 
Error - 05.09.2011 02:52:10 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 145698975
 
Error - 05.09.2011 02:52:11 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.09.2011 02:52:11 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 145700176
 
Error - 05.09.2011 02:52:11 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 145700176
 
Error - 05.09.2011 04:26:25 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description =
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

pc-idiot 11.03.2012 20:40

One more thing, for your information:

I just tried logging in normally under my user account ... so not in safe mode, but the way I always do.

And the virus seems to be gone. At least that Bundespolizei page that blocks everything no longer appears. The desktop looks completely normal ...

What's the next step?

Chris4You 11.03.2012 21:07

Hi,

everything should work again now. You have quite a bit of software installed (Avira, Avast, etc.). The real-time scanners can interfere with each other, so keep only one and uninstall the rest (TrojanHunter etc.). I would leave MAM installed, update it now and then, and run a full scan weekly. Dr. Web/CureIt can also be deleted/uninstalled.

One registry key still needs to be straightened out:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Then we should be done for now...

chris

pc-idiot 11.03.2012 22:03

OK, I did that:

The following text file came up after the last suggestion you made:

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"cval" | dword:0x01 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Martin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1974930 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 116438070 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 27925 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1535406 bytes
RecycleBin emptied: 126084 bytes

Total Files Cleaned = 115,00 mb



OTL by OldTimer - Version 3.2.36.3 log created on 03112012_215718

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
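
A helper reading a fix log like the one above mainly checks that every line in the REGISTRY section reports success and how much each user profile had cleaned out. The following parser is an added example, not part of the original thread and not code from OTL; the function names are hypothetical and the log layout is assumed from the single log shown in this thread.

```python
import re

# Constructed sample: lines copied from the fix log posted above (shortened).
SAMPLE_LOG = r'''All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"cval" | dword:0x01 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Martin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1974930 bytes
->FireFox cache emptied: 116438070 bytes
->Flash cache emptied: 27925 bytes

Windows Temp folder emptied: 1535406 bytes
RecycleBin emptied: 126084 bytes
'''

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
BYTES_RE = re.compile(r"^(?:->)?.+? (?:emptied|removed): (?P<n>\d+) bytes$")


def parse_fix_log(text):
    """Split a fix log into registry results and per-user cleanup totals."""
    report = {"registry_ok": [], "registry_review": [],
              "bytes_by_user": {}, "bytes_total": 0}
    section = user = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section == "REGISTRY":
            # Assumption: a successful operation ends in "successfully!";
            # any other wording is queued for manual review.
            ok = line.endswith("successfully!")
            report["registry_ok" if ok else "registry_review"].append(line)
        elif section == "COMMANDS":
            if line.startswith("User: "):
                user = line[len("User: "):]
                continue
            m = BYTES_RE.match(line)
            if m:
                # "->" lines belong to the current user, the rest is system-wide.
                owner = user if line.startswith("->") else "(system)"
                n = int(m.group("n"))
                by_user = report["bytes_by_user"]
                by_user[owner] = by_user.get(owner, 0) + n
                report["bytes_total"] += n
    return report


def fix_succeeded(report):
    """True only if at least one registry line succeeded and none need review."""
    return bool(report["registry_ok"]) and not report["registry_review"]


if __name__ == "__main__":
    r = parse_fix_log(SAMPLE_LOG)
    print("registry fix ok:", fix_succeeded(r))
    for owner, n in r["bytes_by_user"].items():
        print(f"{owner}: {n} bytes cleaned")
```
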

pc-idiot 11.03.2012 22:04

Does that mean the Bundespolizei virus is gone now?

Or would reinstalling the system still be advisable?

How do I best protect myself in future so that I don't get this thing or other trojans again?

Chris4You 11.03.2012 22:32

Hi,

that depends on whether you use the computer for home banking etc. or just for surfing...

In addition to Avira and the Windows Firewall, also get ThreatFire Free (free download).
For surfing, use Firefox with the plug-ins "WOT" (http://filepony.de/?q=WOT) and
"NoScript" (http://filepony.de/download-noscript//),
and create a "guest" account (no admin rights! XP: Step 6: Restricted rights for viruses - Step by step: Securing Windows XP - CHIP Online,
Vista/Win7: Windows 7 guide: Creating and managing user accounts - NETZWELT).

chris

pc-idiot 11.03.2012 22:55

First of all, thank you very much for the help, the effort, the time. I would never have managed this on my own. Can I show my appreciation to you somehow?

So far I haven't done any online banking, but I was planning to open a direct-bank account soon ...

Should I then rather not do that from this computer?

What does the guest account thing achieve?

Chris4You 11.03.2012 23:14

Hi,

I would keep watching the computer for a while; then, if nothing else turns up, possibly home banking, otherwise better do it on a different computer...

The guest account prevents the infection from spreading to other (admin) accounts; at the same time the account has few rights, so that Windows itself already blocks an installation, for example...

chris

pc-idiot 12.03.2012 20:29

OK Chris ... once again, many many thanks, that was really nice of you ...

Why do you do this here on the board?

What do you do for a living?

Can I send you a small contribution?

pc-idiot 12.03.2012 21:28

One more question: for the security programs you suggested, is the free version enough, or do I need a paid subscription for the full version???

Chris4You 13.03.2012 07:31

Hi,

the free version is enough; with the full version the signature updates are somewhat more extensive or faster (not strictly necessary)...

chris


All times are WET +1.
