Log analysis and evaluation: OTLPE logfile created - Bundespolizei Trojan - how to proceed? (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
OTLPE logfile created - Bundespolizei Trojan - how to proceed?

Hello,

Unfortunately the Bundespolizei Trojan has caught me too. Since I have important data and project files (video and sound files) on my PC that I still need and have to keep working on, I can't wipe my PC completely just yet. I have now also created a logfile with OTLPE and would be glad if someone would take the matter on. That would be absolutely great and would save my projects.

Thanks and regards

OTL LOGFILE:
Code:
OTL logfile created on: 9/12/2011 2:26:14 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 691.33 Gb Total Space | 210.57 Gb Free Space | 30.46% Space Free | Partition Type: NTFS Drive D: | 465.65 Gb Total Space | 8.88 Gb Free Space | 1.91% Space Free | Partition Type: FAT32 Drive E: | 298.09 Gb Total Space | 24.27 Gb Free Space | 8.14% Space Free | Partition Type: NTFS Drive K: | 993.77 Mb Total Space | 750.94 Mb Free Space | 75.56% Space Free | Partition Type: FAT32 Drive L: | 691.28 Gb Total Space | 6.68 Gb Free Space | 0.97% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011/05/21 00:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/08/27 11:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009/06/25 06:54:34 | 001,918,952 | ---- | M] (G Data Software AG) [Auto] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2009/06/03 06:03:44 | 001,119,304 | ---- | M] (G DATA Software AG) [Auto] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2009/06/03 06:03:44 | 000,394,312 | ---- | M] (G Data Software AG) [Auto] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService) SRV - [2009/03/09 21:47:10 | 000,298,568 | ---- | M] (G DATA Software AG) [On_Demand] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan) SRV - [2008/12/24 11:34:12 | 000,288,120 | ---- | M] (CyberLink) [Auto] -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (CyberLink Media Server Service) SRV - [2008/12/24 11:34:10 | 000,058,664 | ---- | M] () [Auto] -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe -- (CyberLink Media Server Monitor Service) SRV - [2008/12/18 07:51:34 | 000,075,048 | ---- | M] () [Auto] -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008/12/04 07:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008/10/27 06:05:28 | 000,306,736 | ---- | M] () [Auto] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2008/08/07 04:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008/07/27 
14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/05/23 05:44:38 | 000,105,416 | ---- | M] (G Data Software) [Kernel | System] -- C:\Windows\System32\drivers\GRD.sys -- (GRD) DRV:64bit: - [2009/07/28 09:19:19 | 000,064,456 | ---- | M] (G DATA Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2009/07/28 09:19:18 | 000,038,856 | ---- | M] (G DATA Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2009/07/28 09:19:04 | 000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System] -- C:\Windows\System32\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2009/07/02 04:46:04 | 001,708,544 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA) DRV:64bit: - [2008/10/27 06:06:00 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2008/10/27 06:06:00 | 000,022,064 | ---- | M] (Egis Incorporated.) [File_System | Auto] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2008/10/27 06:06:00 | 000,020,528 | ---- | M] (Egis Incorporated.) [Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2008/07/16 04:39:06 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1y60x64.sys -- (e1yexpress) Intel(R) DRV:64bit: - [2007/12/04 10:25:20 | 000,575,488 | ---- | M] (Ralink Technology, Corp.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0511&m=aspire_m3800 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0511&m=aspire_m3800 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Ungermann_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0511&m=aspire_m3800 IE - HKU\Ungermann_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\Ungermann_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\Ungermann_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKU\Ungermann_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0511&m=aspire_m3800 IE - HKU\Ungermann_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Ungermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0 FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1 FF - prefs.js..extensions.enabledItems: 
inspector@mozilla.org:2.0.0 FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9 FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1 FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5 FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/31 17:24:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/03 13:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ungermann\AppData\Roaming\Mozilla\Extensions [2011/06/03 13:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ungermann\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com [2011/08/21 14:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/08/21 14:28:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/06/03 13:26:04 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG [2011/06/03 13:26:04 | 000,000,000 | ---D | 
M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM [2011/06/03 13:26:04 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE [2011/06/03 13:26:04 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG [2011/06/03 13:26:04 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG [2011/06/03 13:26:04 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG [2011/06/03 13:26:04 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG [2011/08/31 17:24:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/01/01 04:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010/01/01 04:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010/01/01 04:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010/01/01 04:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll (G Data Software AG) O2:64bit: - BHO: 
(Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIE.dll (G Data Software AG) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll (G Data Software AG) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIE.dll (G Data Software AG) O3:64bit: - HKU\Ungermann_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) 
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Plus_Sonderedition\TrayServer.exe (MAGIX AG) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\Ungermann_ON_C..\Run: [avupdate] C:\Users\Ungermann\AppData\Roaming\jashla.exe (Soda Butane Wags) O4 - HKU\Ungermann_ON_C..\Run: [ICQ] C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) 
O4 - HKU\Ungermann_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKU\UpdatusUser_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\UpdatusUser_ON_C..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/09/12 03:36:46 | 000,000,000 | ---D | C] -- C:\Marta Erweiterte Version unkomprimiert [2011/09/12 03:34:21 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware [2011/09/02 03:16:30 | 000,188,416 | ---- | C] (Soda Butane Wags) -- C:\Users\Ungermann\AppData\Roaming\jashla.exe [2011/09/01 15:57:40 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\Desktop\FILM FREIBURG [2011/08/30 17:52:23 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\Desktop\Fotos für Nachtemail [2011/08/27 07:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2011/08/21 15:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2011/08/21 15:39:08 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\AppData\Roaming\HP [2011/08/21 15:36:19 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\AppData\Local\HP [2011/08/21 15:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP [2011/08/21 15:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard [2011/08/21 15:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 
[2011/08/21 15:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2011/08/21 15:31:31 | 000,000,000 | -H-D | C] -- C:\Config.Msi [2011/08/21 15:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2011/08/21 15:25:37 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids40.dll [2011/08/21 15:25:35 | 000,145,408 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpfll70v.dll [2011/08/21 15:23:45 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll [2011/08/21 15:23:45 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll [2011/08/21 15:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2011/08/21 14:29:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011/08/21 14:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011/08/21 14:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011/08/21 14:27:36 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011/08/21 14:27:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011/08/21 14:27:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011/08/21 14:27:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2011/08/21 14:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011/08/20 06:15:10 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\AppData\Local\{83EF7306-A35C-466F-889D-B92E5FA7C0E8} [2011/08/19 16:17:08 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\AppData\Local\{BCE6D0F3-ACEE-4A37-8662-0008CE7A8722} [2011/08/19 16:08:00 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\AppData\Local\{EB420047-733D-49E5-A84A-CCE956F6C4D9} [2011/08/19 16:03:56 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\AppData\Roaming\Skype [2011/08/19 16:03:47 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2011/08/19 16:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011/08/19 16:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2011/08/19 15:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.6 [2011/08/19 15:52:07 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\AppData\Roaming\ICQ [2011/08/19 15:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.6 [2009/07/28 17:05:17 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2011/09/11 20:02:18 | 000,139,219 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011/09/11 20:02:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/09/11 20:02:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/09/11 20:02:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/09/02 12:45:33 | 000,028,672 | ---- | M] () -- C:\Users\Ungermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/09/02 12:45:22 | 000,388,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/09/02 03:16:30 | 000,188,416 | ---- | M] (Soda Butane Wags) -- 
C:\Users\Ungermann\AppData\Roaming\jashla.exe [2011/09/01 18:56:42 | 268,591,419 | ---- | M] () -- C:\Users\Ungermann\Desktop\Charlotte Demoband 02.09.2011.wmv [2011/09/01 17:53:23 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011/09/01 17:53:23 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/09/01 17:53:23 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011/09/01 17:53:23 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/09/01 15:29:29 | 000,047,742 | ---- | M] () -- C:\Users\Ungermann\Desktop\Achim und Anja.celtx [2011/09/01 09:09:55 | 000,515,578 | ---- | M] () -- C:\Users\Ungermann\Documents\Mein Schnappschuss 3 (2).png [2011/09/01 09:09:54 | 000,515,578 | ---- | M] () -- C:\Users\Ungermann\Documents\Mein Schnappschuss 4 (2).png [2011/09/01 09:09:45 | 000,515,578 | ---- | M] () -- C:\Users\Ungermann\Documents\Mein Schnappschuss 1 (2).png [2011/09/01 08:56:26 | 000,123,939 | ---- | M] () -- C:\Users\Ungermann\Documents\Video call snapshot 29.png [2011/08/28 17:50:34 | 000,016,538 | ---- | M] () -- C:\Users\Ungermann\Desktop\Drehbuch ACHIM UND ANJA 28.08.2011.pdf [2011/08/28 16:34:08 | 007,861,793 | ---- | M] () -- C:\Users\Ungermann\Desktop\Björn und Michal.wmv [2011/08/28 15:39:13 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\WebReg HP Deskjet D1600 series.job [2011/08/26 16:15:46 | 000,026,683 | ---- | M] () -- C:\Users\Ungermann\Documents\Video call snapshot 6.png [2011/08/26 15:30:16 | 000,294,912 | ---- | M] () -- C:\Users\Ungermann\Documents\Video0005[1].3gp [2011/08/26 15:28:57 | 000,131,072 | ---- | M] () -- C:\Users\Ungermann\Documents\Video0006[1].3gp [2011/08/26 15:27:34 | 000,294,912 | ---- | M] () -- C:\Users\Ungermann\Documents\Video0007[1].3gp [2011/08/26 15:25:59 | 000,294,912 | ---- | M] () -- C:\Users\Ungermann\Documents\Video0008[1].3gp [2011/08/21 15:39:02 | 000,179,498 | ---- | M] () -- C:\Windows\hphins33.dat [2011/08/21 15:35:52 | 000,000,000 | R--D | M] 
-- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2011/08/21 15:34:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2011/08/21 15:34:00 | 000,002,006 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011/08/21 14:27:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011/08/21 14:27:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011/08/21 14:27:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011/08/21 14:27:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011/08/19 16:03:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011/08/19 15:52:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.6 [2011/08/17 12:53:37 | 001,855,822 | ---- | M] () -- C:\Users\Ungermann\Desktop\IMG_8493.JPG [2011/08/17 12:53:12 | 002,074,348 | ---- | M] () -- C:\Users\Ungermann\Desktop\IMG_8488.JPG [2011/08/16 06:26:14 | 000,000,130 | ---- | M] () -- C:\Windows\Goya.INI [2011/08/15 10:01:01 | 000,013,405 | ---- | M] () -- C:\Users\Ungermann\Desktop\ACHIM UND ANJA Drehbuch 12.08.2011 Konzeptfassung.pdf ========== Files Created - No Company Name ========== [2011/09/01 18:43:14 | 268,591,419 | ---- | C] () -- C:\Users\Ungermann\Desktop\Charlotte Demoband 02.09.2011.wmv [2011/09/01 15:29:29 | 000,047,742 | ---- | C] () -- C:\Users\Ungermann\Desktop\Achim und Anja.celtx [2011/09/01 09:07:21 | 000,515,578 | ---- | C] () -- C:\Users\Ungermann\Documents\Mein Schnappschuss 3 (2).png [2011/09/01 09:07:14 | 000,515,578 | ---- | C] () -- C:\Users\Ungermann\Documents\Mein Schnappschuss 4 (2).png [2011/09/01 09:06:47 | 000,515,578 | ---- | C] () -- C:\Users\Ungermann\Documents\Mein Schnappschuss 1 (2).png [2011/09/01 08:56:14 | 000,123,939 | ---- | 
C] () -- C:\Users\Ungermann\Documents\Video call snapshot 29.png [2011/08/28 17:50:32 | 000,016,538 | ---- | C] () -- C:\Users\Ungermann\Desktop\Drehbuch ACHIM UND ANJA 28.08.2011.pdf [2011/08/28 16:33:12 | 007,861,793 | ---- | C] () -- C:\Users\Ungermann\Desktop\Björn und Michal.wmv [2011/08/27 07:45:06 | 050,728,964 | ---- | C] () -- C:\Users\Ungermann\Desktop\Sequenz 01_10.MPG [2011/08/26 16:15:42 | 000,026,683 | ---- | C] () -- C:\Users\Ungermann\Documents\Video call snapshot 6.png [2011/08/26 15:29:58 | 000,294,912 | ---- | C] () -- C:\Users\Ungermann\Documents\Video0005[1].3gp [2011/08/26 15:28:43 | 000,131,072 | ---- | C] () -- C:\Users\Ungermann\Documents\Video0006[1].3gp [2011/08/26 15:27:18 | 000,294,912 | ---- | C] () -- C:\Users\Ungermann\Documents\Video0007[1].3gp [2011/08/26 15:25:43 | 000,294,912 | ---- | C] () -- C:\Users\Ungermann\Documents\Video0008[1].3gp [2011/08/21 15:39:16 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\WebReg HP Deskjet D1600 series.job [2011/08/21 15:34:00 | 000,002,006 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011/08/21 15:26:19 | 000,179,498 | ---- | C] () -- C:\Windows\hphins33.dat [2011/08/17 12:52:28 | 002,074,348 | ---- | C] () -- C:\Users\Ungermann\Desktop\IMG_8488.JPG [2011/08/17 12:52:28 | 001,855,822 | ---- | C] () -- C:\Users\Ungermann\Desktop\IMG_8493.JPG [2011/08/15 10:01:01 | 000,013,405 | ---- | C] () -- C:\Users\Ungermann\Desktop\ACHIM UND ANJA Drehbuch 12.08.2011 Konzeptfassung.pdf [2011/07/24 12:03:44 | 000,007,808 | ---- | C] () -- C:\Users\Ungermann\AppData\Local\d3d9caps.dat [2011/06/07 05:02:16 | 000,000,130 | ---- | C] () -- C:\Windows\Goya.INI [2011/06/01 12:43:05 | 000,000,075 | RHS- | C] () -- C:\Windows\ICMET20.BIN [2011/06/01 10:07:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/06/01 07:07:58 | 000,028,672 | ---- | C] () -- C:\Users\Ungermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/23 
05:36:52 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2011/05/23 05:36:52 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2011/05/23 05:21:27 | 000,003,800 | ---- | C] () -- C:\Windows\HCWPNP.INI [2011/05/23 05:18:18 | 000,139,219 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011/05/23 05:18:17 | 000,139,219 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/07/28 09:23:47 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2009/07/28 09:23:46 | 000,007,272 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009/07/28 07:42:16 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009/07/28 07:42:16 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2009/06/11 06:17:52 | 000,000,586 | ---- | C] () -- C:\Windows\hphmdl33.dat [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== LOP Check ========== [2011/05/23 05:34:06 | 000,000,000 | ---D | M] -- C:\Users\Ungermann\AppData\Roaming\Acer GameZone Console [2011/06/03 13:26:18 | 000,000,000 | ---D | M] -- C:\Users\Ungermann\AppData\Roaming\Greyfirst [2011/06/01 07:14:36 | 000,000,000 | ---D | M] -- C:\Users\Ungermann\AppData\Roaming\HomeMedia Connect [2011/09/01 19:45:55 | 000,000,000 | ---D | M] -- C:\Users\Ungermann\AppData\Roaming\ICQ [2011/07/27 14:04:05 | 000,000,000 | ---D | M] -- 
C:\Users\Ungermann\AppData\Roaming\MAGIX [2011/06/01 09:59:53 | 000,000,000 | ---D | M] -- C:\Users\Ungermann\AppData\Roaming\PowerCinema [2011/06/01 07:14:36 | 000,000,000 | ---D | M] -- C:\Users\Ungermann\AppData\Roaming\SoftDMA [2011/05/23 05:34:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console [2011/05/23 05:15:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2011/05/23 05:15:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2009/07/28 09:22:28 | 000,000,000 | ---D | M] -- C:\ProgramData\EgisTec [2009/07/28 10:01:06 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi [2011/05/23 05:15:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2009/07/28 11:23:05 | 000,000,000 | ---D | M] -- C:\ProgramData\G DATA [2011/07/27 14:04:05 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX [2009/07/28 09:25:18 | 000,000,000 | ---D | M] -- C:\ProgramData\mufin [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2011/05/23 05:15:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2011/05/23 05:27:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011/05/23 05:15:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2011/09/02 04:37:40 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >