Trojaner-Board - Trace.Registry.trojan-dropper.win32.inject!E1 entfernen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Trace.Registry.trojan-dropper.win32.inject!E1 entfernen (https://www.trojaner-board.de/122161-trace-registry-trojan-dropper-win32-inject-e1-entfernen.html)

Trace.Registry.trojan-dropper.win32.inject!E1 entfernen

Hallo,
Emsisoft Malware 6.6 findet nach jedem Scan Trace.Registry.trojan-dropper.win32.inject!E1.
Bitte um Hilfe diesen zu entfernen.

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 15.08.2012 10:44:27

Scan Einstellungen:

Scan Methode: Smart Scan
Objekte: Rootkits, Speicher, Traces, C:\Windows\, C:\Program Files\
Archiv Scan: Aus
ADS Scan: An

Scan Beginn: 15.08.2012 10:45:33

Value: hkey_current_user\software\microsoft\windows\currentversion\run --> upgradechecker gefunden: Trace.Registry.trojan-dropper.win32.inject!E1

Gescannt 481549
Gefunden 1

Scan Ende: 15.08.2012 11:09:23
Scan Zeit: 0:23:50OTL Logfile:

Code:

OTL logfile created on: 15.08.2012 11:18:58 - Run 1

OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Windows666\Downloads

 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1022,49 Mb Total Physical Memory | 501,03 Mb Available Physical Memory | 49,00% Memory free

2,00 Gb Paging File | 0,50 Gb Available in Paging File | 24,78% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 297,99 Gb Total Space | 78,73 Gb Free Space | 26,42% Space Free | Partition Type: NTFS

Drive D: | 101,94 Mb Total Space | 10,66 Mb Free Space | 10,46% Space Free | Partition Type: NTFS

Drive E: | 186,21 Gb Total Space | 41,39 Gb Free Space | 22,23% Space Free | Partition Type: NTFS

 

Computer Name: WINDOWS666-PC | User Name: Windows666 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Windows666\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)

PRC - C:\Programme\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)

PRC - C:\Windows\System32\atieclxx.exe (AMD)

PRC - C:\Windows\System32\atiesrxx.exe (AMD)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\prevhost.exe (Microsoft Corporation)

PRC - C:\Programme\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe (Ashampoo Development GmbH & Co. KG)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AAMWService) -- C:\Programme\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe ()

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (AAMW_WSC_Service_Vista) -- C:\Programme\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_Vista.exe ()

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (vgwshzyh) -- C:\Windows\system32\drivers\vgwshzyh.sys File not found

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found

DRV - (qhldfvgp) -- C:\Windows\system32\drivers\qhldfvgp.sys File not found

DRV - (nsxrjlyf) -- C:\Windows\system32\drivers\nsxrjlyf.sys File not found

DRV - (lgkkgehq) -- C:\Windows\system32\drivers\lgkkgehq.sys File not found

DRV - (kltoskok) -- C:\Windows\system32\drivers\kltoskok.sys File not found

DRV - (dnoinpnu) -- C:\Windows\system32\drivers\dnoinpnu.sys File not found

DRV - (chgfpqzx) -- C:\Windows\system32\drivers\chgfpqzx.sys File not found

DRV - (ccgqvjgn) -- C:\Windows\system32\drivers\ccgqvjgn.sys File not found

DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)

DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsisoft GmbH)

DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)

DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)

DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)

DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)

DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (ASW3Scan) -- C:\Programme\Ashampoo\Ashampoo Anti-Malware\AAMW_IFS32.sys ()

DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)

DRV - (AAMWRegFilter) -- C:\Programme\Ashampoo\Ashampoo Anti-Malware\AAMW_Regfilter32.sys ()

DRV - (FETNDIS) -- C:\Windows\System32\drivers\fetnd6.sys (VIA Technologies, Inc.              )

DRV - (RT2500USB) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

 

O1 HOSTS File: ([2009.06.10 23:00:28 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Ashampoo Anti-Malware Guard] C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe (Ashampoo Development GmbH & Co. KG)

O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [UpgradeChecker] C:\Users\Windows666\AppData\Roaming\Google Inc.\{EA1411D0-DAE0-4C16-8584-077A2695FA70}\UpgradeChecker.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O13 - gopher Prefix: missing

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)

O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48260C41-67DD-42B2-ABA5-D1FF6DB848BA}: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (MACHINE BootExecut)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.08.15 11:15:15 | 000,000,000 | ---D | C] -- C:\Users\Windows666\Desktop\scanbericht

[2012.08.15 10:06:07 | 000,000,000 | ---D | C] -- C:\Users\Windows666\AppData\Roaming\QuickScan

[2012.08.14 21:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo

[2012.08.14 21:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo

[2012.08.14 16:52:12 | 000,000,000 | ---D | C] -- C:\Users\Windows666\AppData\Local\Ashampoo

[2012.08.14 16:11:41 | 000,000,000 | ---D | C] -- C:\Users\Windows666\AppData\Roaming\Systweak

[2012.08.14 16:11:38 | 000,017,320 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe

[2012.08.13 16:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012.08.13 16:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.08.13 11:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware

[2012.08.13 11:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware

[2012.08.13 11:57:55 | 000,000,000 | ---D | C] -- C:\Users\Windows666\Documents\Anti-Malware

[2012.07.24 15:02:45 | 000,000,000 | ---D | C] -- C:\Users\Windows666\Desktop\filme

[2012.07.23 14:47:24 | 000,000,000 | ---D | C] -- C:\Users\Windows666\AppData\Roaming\Microsoft Corporation

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.08.15 10:35:49 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI

[2012.08.15 10:35:05 | 000,009,243 | ---- | M] () -- C:\Users\Windows666\Documents\EMSISOFT.rtf

[2012.08.15 10:25:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.08.15 10:01:46 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.08.15 10:01:45 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.08.15 09:51:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.08.15 09:51:48 | 804,118,528 | -HS- | M] () -- C:\hiberfil.sys

[2012.08.15 01:20:55 | 000,007,680 | ---- | M] () -- C:\Windows\13212406.exe

[2012.08.15 01:20:55 | 000,000,004 | ---- | M] () -- C:\Windows\13212406.dat

[2012.08.14 21:18:31 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Anti-Malware.lnk

[2012.08.14 16:49:55 | 000,000,286 | ---- | M] () -- C:\Users\Windows666\Documents\trojaner.rtf

[2012.08.14 16:32:03 | 000,001,676 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin

[2012.08.14 16:02:58 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012.08.14 16:02:29 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.08.14 16:02:29 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.08.14 16:02:29 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.08.14 16:02:29 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.08.13 16:53:57 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.08.13 11:59:10 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

[2012.08.08 14:26:42 | 000,000,815 | ---- | M] () -- C:\Users\Windows666\Documents\Herkules Hosenträger.rtf

[2012.08.06 18:27:10 | 004,503,728 | ---- | M] () -- C:\ProgramData\rat_0ybba.pad

[2012.08.03 11:46:41 | 000,001,749 | ---- | M] () -- C:\Users\Windows666\Documents\Pari Junior Boy S.rtf

[2012.08.03 09:25:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.08.03 09:25:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.08.01 11:24:03 | 000,001,812 | ---- | M] () -- C:\Users\Windows666\Documents\Vase Hutschenreuther.rtf

[2012.07.29 19:49:32 | 000,001,745 | ---- | M] () -- C:\Users\Windows666\Documents\Servier Platte groß.rtf

[2012.07.28 19:08:08 | 000,000,425 | ---- | M] () -- C:\Users\Windows666\Documents\Pierrot und Columbine Fasold & Strauch.rtf

[2012.07.28 18:35:42 | 000,002,801 | ---- | M] () -- C:\Users\Windows666\Documents\Rosenthal  Cattleya.rtf

[2012.07.24 23:33:10 | 000,017,136 | ---- | M] () -- C:\Windows\System32\sasnative32.exe

[2012.07.16 18:36:05 | 000,443,522 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120802-120030.backup

[2012.07.16 14:25:06 | 000,017,320 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe

 
 ========== Files Created - No Company Name ==========

 

[2012.08.15 01:20:55 | 000,007,680 | ---- | C] () -- C:\Windows\13212406.exe

[2012.08.15 01:20:55 | 000,000,004 | ---- | C] () -- C:\Windows\13212406.dat

[2012.08.14 21:18:31 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Anti-Malware.lnk

[2012.08.14 16:49:54 | 000,000,286 | ---- | C] () -- C:\Users\Windows666\Documents\trojaner.rtf

[2012.08.14 16:27:12 | 000,001,676 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin

[2012.08.14 16:12:03 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe

[2012.08.14 09:51:41 | 000,009,243 | ---- | C] () -- C:\Users\Windows666\Documents\EMSISOFT.rtf

[2012.08.13 16:53:57 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.08.13 11:59:10 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

[2012.08.08 14:26:41 | 000,000,815 | ---- | C] () -- C:\Users\Windows666\Documents\Herkules Hosenträger.rtf

[2012.08.06 18:15:24 | 004,503,728 | ---- | C] () -- C:\ProgramData\rat_0ybba.pad

[2012.08.03 11:46:40 | 000,001,749 | ---- | C] () -- C:\Users\Windows666\Documents\Pari Junior Boy S.rtf

[2012.08.01 11:24:03 | 000,001,812 | ---- | C] () -- C:\Users\Windows666\Documents\Vase Hutschenreuther.rtf

[2012.07.29 19:49:32 | 000,001,745 | ---- | C] () -- C:\Users\Windows666\Documents\Servier Platte groß.rtf

[2012.07.28 19:08:07 | 000,000,425 | ---- | C] () -- C:\Users\Windows666\Documents\Pierrot und Columbine Fasold & Strauch.rtf

[2012.07.28 18:35:41 | 000,002,801 | ---- | C] () -- C:\Users\Windows666\Documents\Rosenthal  Cattleya.rtf

[2012.04.15 18:51:46 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2012.04.07 14:53:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012.04.07 14:25:26 | 000,000,158 | ---- | C] () -- C:\Windows\pagesuit.ini

[2012.04.07 14:25:25 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll

[2012.04.06 03:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat

[2012.04.06 03:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat

[2012.04.05 22:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe

[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll

[2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2011.04.12 03:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2011.04.12 03:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2010.11.20 23:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

 
 ========== LOP Check ==========

 

[2012.07.12 19:54:46 | 000,000,000 | ---D | M] -- C:\Users\Windows666\AppData\Roaming\Dropbox

[2012.04.07 14:23:44 | 000,000,000 | ---D | M] -- C:\Users\Windows666\AppData\Roaming\Ordner HP Share-to-Web

[2012.08.15 10:06:22 | 000,000,000 | ---D | M] -- C:\Users\Windows666\AppData\Roaming\QuickScan

[2012.08.14 16:42:36 | 000,000,000 | ---D | M] -- C:\Users\Windows666\AppData\Roaming\Systweak

[2012.08.11 20:52:26 | 000,000,000 | ---D | M] -- C:\Users\Windows666\AppData\Roaming\TeamViewer

[2012.07.11 14:26:37 | 000,000,000 | ---D | M] -- C:\Users\Windows666\AppData\Roaming\TuneUp Software

[2012.08.06 06:15:01 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 76 bytes -> C:\Users\Windows666\OpenOffice.org 2.4 (de) Installation Files:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Windows666\Desktop\Rapithsare:Roxio EMC Stream
 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL Extras logfile created on: 15.08.2012 11:18:59 - Run 1

OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Windows666\Downloads

 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1022,49 Mb Total Physical Memory | 501,03 Mb Available Physical Memory | 49,00% Memory free

2,00 Gb Paging File | 0,50 Gb Available in Paging File | 24,78% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 297,99 Gb Total Space | 78,73 Gb Free Space | 26,42% Space Free | Partition Type: NTFS

Drive D: | 101,94 Mb Total Space | 10,66 Mb Free Space | 10,46% Space Free | Partition Type: NTFS

Drive E: | 186,21 Gb Total Space | 41,39 Gb Free Space | 22,23% Space Free | Partition Type: NTFS

 

Computer Name: WINDOWS666-PC | User Name: Windows666 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- Reg Error: Value error.

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{D3BB6726-339E-4673-BAAA-A4F68F0D3D54}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 

"UDP Query User{654A3EF5-827D-4A50-B357-DA6B7E3DD477}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding

"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding

"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian

"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese

"{1DA193D3-BEC6-4FEF-89E3-D8F739216BFB}_is1" = Ashampoo Anti-Malware v.1.21

"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3

"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish

"{2FC92BF4-F8BB-755F-755C-D756383C4CF3}" = ccc-utility

"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All

"{355FBF6C-31EB-C660-F07A-1CC93975A5CA}" = HydraVision

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy

"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese

"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech

"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai

"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional

"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German

"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek

"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian

"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common

"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English

"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish

"{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}" = Readiris 7.5

"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish

"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish

"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime

"{A57CBC93-A964-3549-7C8F-43EF4C0C4077}" = ATI AVIVO Codecs

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish

"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French

"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0

"{CE3DF04B-D674-369C-8469-75285614A8C4}" = AMD Catalyst Install Manager

"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean

"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian

"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center

"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian

"{DD2205B2-ECFA-37C1-198F-BC8B84C2F74C}" = AMD Drag and Drop Transcoding

"{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}" = WiFi Station

"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"CCleaner" = CCleaner

"FLV Player" = FLV Player 2.0 (build 25)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"WinRAR archiver" = WinRAR 4.20 (32-Bit)

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 14.08.2012 15:36:03 | Computer Name = Windows666-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: AAMW_Service.exe, Version: 0.0.0.0,

 Zeitstempel: 0x4c7685e8  Name des fehlerhaften Moduls: engine.dll, Version: 5.0.0.50,

 Zeitstempel: 0x4ca00082  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001dfc3  ID des fehlerhaften

 Prozesses: 0x2e4  Startzeit der fehlerhaften Anwendung: 0x01cd7a51998ebbd8  Pfad der

 fehlerhaften Anwendung: C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe

Pfad

 des fehlerhaften Moduls: C:\Program Files\Ashampoo\Ashampoo Anti-Malware\engine.dll

Berichtskennung:

 47f5b7c6-e647-11e1-ba09-0008d307a938

 

Error - 14.08.2012 15:42:49 | Computer Name = Windows666-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 15.08.2012 01:31:01 | Computer Name = Windows666-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 15.08.2012 01:42:17 | Computer Name = Windows666-PC | Source = Application Hang | ID = 1002

Description = Programm AAMW_Main.exe, Version 1.0.0.0 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f04    Startzeit: 

01cd7aa72bddf176    Endzeit: 758    Anwendungspfad: C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Main.exe
 

Berichts-ID:

   

 

Error - 15.08.2012 01:56:14 | Computer Name = Windows666-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 15.08.2012 03:53:35 | Computer Name = Windows666-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 15.08.2012 03:58:58 | Computer Name = Windows666-PC | Source = Application Hang | ID = 1002

Description = Programm iexplore.exe, Version 9.0.8112.16447 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: d3c    Startzeit: 01cd7abb70c6d41e    Endzeit: 36    Anwendungspfad: 

C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   

 

Error - 15.08.2012 04:02:46 | Computer Name = Windows666-PC | Source = Application Hang | ID = 1002

Description = Programm iexplore.exe, Version 9.0.8112.16447 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 1a0    Startzeit: 01cd7abbe003d779    Endzeit: 51    Anwendungspfad: 

C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   

 

Error - 15.08.2012 04:22:13 | Computer Name = Windows666-PC | Source = System Restore | ID = 8200

Description = 

 

Error - 15.08.2012 04:23:16 | Computer Name = Windows666-PC | Source = System Restore | ID = 8200

Description = 

 

[ System Events ]

Error - 13.08.2012 03:39:50 | Computer Name = Windows666-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 13.08.2012 03:39:50 | Computer Name = Windows666-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%1053

 

Error - 13.08.2012 03:41:49 | Computer Name = Windows666-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

 

Error - 14.08.2012 05:26:01 | Computer Name = Windows666-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am ?14.?08.?2012 um 11:24:36 unerwartet heruntergefahren.

 

Error - 14.08.2012 09:50:42 | Computer Name = Windows666-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am ?14.?08.?2012 um 15:49:18 unerwartet heruntergefahren.

 

Error - 14.08.2012 10:38:16 | Computer Name = Windows666-PC | Source = Service Control Manager | ID = 7022

Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

 

Error - 14.08.2012 15:11:40 | Computer Name = Windows666-PC | Source = Service Control Manager | ID = 7034

Description = Dienst "Ashampoo Anti-Malware Service" wurde unerwartet beendet. Dies

 ist bereits 1 Mal passiert.

 

Error - 14.08.2012 15:37:19 | Computer Name = Windows666-PC | Source = Service Control Manager | ID = 7034

Description = Dienst "Ashampoo Anti-Malware Service" wurde unerwartet beendet. Dies

 ist bereits 1 Mal passiert.

 

Error - 15.08.2012 01:54:01 | Computer Name = Windows666-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am ?15.?08.?2012 um 07:53:06 unerwartet heruntergefahren.

 

Error - 15.08.2012 03:51:56 | Computer Name = Windows666-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am ?15.?08.?2012 um 09:50:50 unerwartet heruntergefahren.

 

 

< End of report >

--- --- ---

:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

:OTL

DRV - (vgwshzyh) -- C:\Windows\system32\drivers\vgwshzyh.sys File not found 

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found 

DRV - (qhldfvgp) -- C:\Windows\system32\drivers\qhldfvgp.sys File not found 

DRV - (nsxrjlyf) -- C:\Windows\system32\drivers\nsxrjlyf.sys File not found 

DRV - (lgkkgehq) -- C:\Windows\system32\drivers\lgkkgehq.sys File not found 

DRV - (kltoskok) -- C:\Windows\system32\drivers\kltoskok.sys File not found 

DRV - (dnoinpnu) -- C:\Windows\system32\drivers\dnoinpnu.sys File not found 

DRV - (chgfpqzx) -- C:\Windows\system32\drivers\chgfpqzx.sys File not found 

DRV - (ccgqvjgn) -- C:\Windows\system32\drivers\ccgqvjgn.sys File not found 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

O4 - HKCU..\Run: [UpgradeChecker] C:\Users\Windows666\AppData\Roaming\Google Inc.\{EA1411D0-DAE0-4C16-8584-077A2695FA70}\UpgradeChecker.exe File not found 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) 

O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) 

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) 

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 

O32 - HKLM CDRom: AutoRun - 1 

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ] 
 

[2012.08.15 01:20:55 | 000,007,680 | ---- | M] () -- C:\Windows\13212406.exe 

[2012.08.06 18:27:10 | 004,503,728 | ---- | M] () -- C:\ProgramData\rat_0ybba.pad 

@Alternate Data Stream - 76 bytes -> C:\Users\Windows666\OpenOffice.org 2.4 (de) Installation Files:Roxio EMC Stream 

@Alternate Data Stream - 76 bytes -> C:\Users\Windows666\Desktop\Rapithsare:Roxio EMC Stream 
 

[2012.08.15 10:25:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 

[2012.08.15 01:20:55 | 000,000,004 | ---- | M] () -- C:\Windows\13212406.dat 

:Files
 
 

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Hallo,
möchte mich zuerst einmal für die schnelle Hilfe bedanken.
Scheint alles geklappt zu haben!
Hier die Daten:
All processes killed
========== OTL ==========
Service vgwshzyh stopped successfully!
Service vgwshzyh deleted successfully!
File C:\Windows\system32\drivers\vgwshzyh.sys File not found not found.
Service VGPU stopped successfully!
Service VGPU deleted successfully!
File System32\drivers\rdvgkmd.sys File not found not found.
Service qhldfvgp stopped successfully!
Service qhldfvgp deleted successfully!
File C:\Windows\system32\drivers\qhldfvgp.sys File not found not found.
Service nsxrjlyf stopped successfully!
Service nsxrjlyf deleted successfully!
File C:\Windows\system32\drivers\nsxrjlyf.sys File not found not found.
Service lgkkgehq stopped successfully!
Service lgkkgehq deleted successfully!
File C:\Windows\system32\drivers\lgkkgehq.sys File not found not found.
Service kltoskok stopped successfully!
Service kltoskok deleted successfully!
File C:\Windows\system32\drivers\kltoskok.sys File not found not found.
Service dnoinpnu stopped successfully!
Service dnoinpnu deleted successfully!
File C:\Windows\system32\drivers\dnoinpnu.sys File not found not found.
Service chgfpqzx stopped successfully!
Service chgfpqzx deleted successfully!
File C:\Windows\system32\drivers\chgfpqzx.sys File not found not found.
Service ccgqvjgn stopped successfully!
Service ccgqvjgn deleted successfully!
File C:\Windows\system32\drivers\ccgqvjgn.sys File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\UpgradeChecker deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
E:\autoexec.bat moved successfully.
C:\Windows\13212406.exe moved successfully.
C:\ProgramData\rat_0ybba.pad moved successfully.
ADS C:\Users\Windows666\OpenOffice.org 2.4 (de) Installation Files:Roxio EMC Stream deleted successfully.
ADS C:\Users\Windows666\Desktop\Rapithsare:Roxio EMC Stream deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\13212406.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Windows666\Desktop\cmd.bat deleted successfully.
C:\Users\Windows666\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Windows666
->Temp folder emptied: 4275063 bytes
->Temporary Internet Files folder emptied: 36488864 bytes
->Java cache emptied: 536970 bytes
->Flash cache emptied: 910 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2796664 bytes
RecycleBin emptied: 2456576 bytes

Total Files Cleaned = 44,00 mb

OTL by OldTimer - Version 3.2.57.0 log created on 08162012_111449

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000003FF56F00056B4F8BBC not found!
C:\Windows\temp\TMP00000040FC329F3361612255 moved successfully.

PendingFileRenameOperations files...
File C:\Windows\temp\TMP0000003FF56F00056B4F8BBC not found!
File C:\Windows\temp\TMP00000040FC329F3361612255 not found!

Registry entries deleted on Reboot...

Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Hallo,
hier die gewünschten Daten:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.16.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Windows666 :: WINDOWS666-PC [Administrator]

Schutz: Deaktiviert

16.08.2012 16:48:46
mbam-log-2012-08-16 (16-48-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 396862
Laufzeit: 1 Stunde(n), 42 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
E:\Users\V-Max-Driver\Desktop\RegistryFix.v7.1.Incl.KeyMaker-DVT\registryfix.exe (Rogue.Installer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Users\V-Max-Driver\Desktop\RegistryFix.v7.1.Incl.KeyMaker-DVT\neu\registryfix - Kopie.exe (Rogue.Installer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Users\V-Max-Driver\Desktop\TuneUp.Utilities.2012.v12.0.2160.13.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

# AdwCleaner v1.801 - Logfile created 08/16/2012 at 18:55:34
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Windows666 - WINDOWS666-PC
# Boot Mode : Normal
# Running from : C:\Users\Windows666\Desktop\scanbericht\adwcleaner.exe
# Option [Search]

***** [Services] *****

Found : Browser Manager

***** [Files / Folders] *****

Folder Found : C:\Users\Windows666\AppData\Roaming\Babylon
Folder Found : C:\Users\Windows666\AppData\Roaming\BabylonToolbar
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Found : C:\Program Files\BabylonToolbar
Folder Found : C:\Program Files\DealPly
File Found : C:\user.js

***** [Registry] *****

Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\DealPly
Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\DealPly
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110809&tt=bandext_3312_8&babsrc=HP_ss&mntrId=cc5ac9560000000000000008d307a938
[HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=110809&tt=bandext_3312_8&babsrc=HP_ss&mntrId=cc5ac9560000000000000008d307a938
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110809&tt=bandext_3312_8&babsrc=NT_ss&mntrId=cc5ac9560000000000000008d307a938

*************************

Sehr gut! :daumenhoc

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Hallo,
hier die aktuellen Daten:

# AdwCleaner v1.801 - Logfile created 08/17/2012 at 16:48:12
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Windows666 - WINDOWS666-PC
# Boot Mode : Normal
# Running from : C:\Users\Windows666\Desktop\scanbericht\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Folder Deleted : C:\Users\Windows666\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Windows666\AppData\Roaming\BabylonToolbar
Folder Deleted : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\DealPly
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\DealPly
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110809&tt=bandext_3312_8&babsrc=NT_ss&mntrId=cc5ac9560000000000000008d307a938 --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [5817 octets] - [16/08/2012 18:55:34]
AdwCleaner[S1].txt - [5637 octets] - [17/08/2012 16:48:12]

########## EOF - C:\AdwCleaner[S1].txt - [5765 octets] ##########

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 17.08.2012 16:52:31

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 17.08.2012 17:05:43

c:\program files\downloadmanager gefunden: Trace.File.mediapipe!E1

Gescannt 652771
Gefunden 1

Scan Ende: 17.08.2012 18:34:38
Scan Zeit: 1:28:55

MFG
Wolfgang

Sehr gut! :daumenhoc

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hallo,
der Rechner läuft jetzt um einiges schneller.
Hier die Daten:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=44d16e4c20fc184aacddb721be26c209
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-17 08:31:41
# local_time=2012-08-17 10:31:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 772 96860067 0 0
# compatibility_mode=8192 67108863 100 0 212 212 0 0
# scanned=229672
# found=5
# cleaned=5
# scan_time=6645
C:\Users\Windows666\AppData\Local\Temp\ICReinstall_DownloadAcceleratorSetup (1).exe a variant of Win32/InstallCore.AN application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Windows666\AppData\Local\Temp\ICReinstall_DownloadAcceleratorSetup.exe a variant of Win32/InstallCore.AN application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Windows666\AppData\Local\Temp\096D7F4E-BAB0-7891-A068-6D234504CBED\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Windows666\Desktop\scanbericht\DownloadAcceleratorSetup (1).exe a variant of Win32/InstallCore.AN application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Windows666\Desktop\scanbericht\DownloadAcceleratorSetup.exe a variant of Win32/InstallCore.AN application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

MFG
Wolfgang

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 6 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

Hallo,
hoffe hab alles richtig gemacht da jetzt folgende Meldung kommt:
•Java ist Installiert und aktiviert, aber die Version ist unbekannt.
MFG
Wolfgang

Sehr gut! :daumenhoc

damit bist Du sauber und entlassen! :)

adwCleaner entfernen

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Uninstall.
Bestätige mit Ja.

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html

Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.

Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
temporäre Dateien löschen.

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?