Log Analysis and Evaluation: Emsisoft Anti-Malware finds trojan and virus

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

12.09.2011, 20:10 | #1
Emsisoft Anti-Malware finds trojan and virus

Hello everyone, I received a used PC. I had to do a Windows license update for the unregistered XP Pro version. I replaced the license that was on it with a valid one of my own. Now I have all security updates up to date. I also had to remove an expired version of "eset nod32". At the moment I have Emsisoft Anti-Malware 5.1.0.16 installed as a trial version. It, or rather the Emergency Kit, found the following:

>>Emsisoft Emergency Kit - Version 1.0
Letztes Update: 12.09.2011 13:17:02

Scan Einstellungen:

Scan Methode: Eigener Scan
Objekte: Speicher, Traces, Cookies, C:\, D:\, E:\, H:\
Archiv Scan: An
Heuristik: Aus
ADS Scan: An

Scan Beginn: 12.09.2011 13:19:52

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rphnarye.default\cookies.sqlite:1315057803781000 gefunden: Trace.TrackingCookie.de.sitestat.com!A2
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rphnarye.default\cookies.sqlite:1315057803781001 gefunden: Trace.TrackingCookie.de.sitestat.com!A2
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\56\113263b8-7feac9e4 gefunden: Trojan-PWS.Win32.Sinowal!IK
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\ccgzh104.exe gefunden: Virus.Win32.Horse.O!IK
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\PetersKleinesOrdnerchen\elf3.9.8.1.exe/$INSTDIR\MiNODLogin.exe gefunden: Trojan.SuspectCRC!IK
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\jar_cache1986030921396297215.tmp gefunden: Trojan-PWS.Win32.Sinowal!IK

Gescannt
Dateien: 130133
Traces: 361726
Cookies: 35
Prozesse: 25

Gefunden
Dateien: 4
Traces: 0
Cookies: 2
Prozesse: 0
Registry Keys: 0

Scan Ende: 12.09.2011 15:12:55
Scan Zeit: 1:53:03

C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\PetersKleinesOrdnerchen\elf3.9.8.1.exe/$INSTDIR\MiNODLogin.exe Quarantäne Trojan.SuspectCRC!IK
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\ccgzh104.exe Quarantäne Virus.Win32.Horse.O!IK
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\56\113263b8-7feac9e4 Quarantäne Trojan-PWS.Win32.Sinowal!IK
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\jar_cache1986030921396297215.tmp Quarantäne Trojan-PWS.Win32.Sinowal!IK
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rphnarye.default\cookies.sqlite:1315057803781000 Quarantäne Trace.TrackingCookie.de.sitestat.com!A2
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rphnarye.default\cookies.sqlite:1315057803781001 Quarantäne Trace.TrackingCookie.de.sitestat.com!A2

Quarantäne
Dateien: 4
Traces: 0
Cookies: 2<<

So "MiNODLogin.exe" seems to have been a key finder for the removed ESET version; I had it moved to quarantine and deleted it. "ccgzh104.exe" was probably a game trainer (I don't know whether it is illegal, but I deleted it as well). I couldn't find out anything about the rest, except that it is malicious software. I hope that this makes me free of unauthorised software; it is also not my intention to use such software on a computer. If given a hint, I will also delete anything I may have overlooked.

As before the clean-up, the browser navigates from Google to wrong pages (not to the links clicked) and sometimes freezes completely for a while. Streams don't really work either. After the computer boots, an error message appears saying that "Spooler SubSystem App" must be terminated.

Here is the following as well; Defogger reported no error:

>>defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:40 on 12/09/2011 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

HKCU\DAEMON Tools Lite -> Unable to remove (5)

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-<<

and OTL only created OTL.txt:

>>OTL Logfile:
Code:
OTL logfile created on: 12.09.2011 18:51:04 - Run 2
OTL by OldTimer - Version 3.2.26.5     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,48 Mb Total Physical Memory | 158,77 Mb Available Physical Memory | 31,04% Memory free
1,22 Gb Paging File | 0,85 Gb Available in Paging File | 70,02% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 4,09 Gb Free Space | 20,96% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 29,24 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive E: | 27,85 Gb Total Space | 10,25 Gb Free Space | 36,80% Space Free | Partition Type: NTFS
Drive G: | 7,81 Gb Total Space | 7,70 Gb Free Space | 98,52% Space Free | Partition Type: FAT32
Drive H: | 149,05 Gb Total Space | 119,55 Gb Free Space | 80,21% Space Free | Partition Type: NTFS

Computer Name: XXX-79B56EFB979 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.27 14:57:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2011.06.30 09:50:40 | 003,029,208 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2011.06.23 15:07:32 | 003,321,232 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2guard.exe
PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.02.20 15:37:07 | 000,072,704 | ---- | M] (Autodesk) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.09.21 14:13:44 | 000,065,536 | ---- | M] () -- C:\Programme\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

========== Modules (No Company Name) ==========

MOD - [2005.09.21 14:13:44 | 000,065,536 | ---- | M] () -- C:\Programme\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
MOD - [2003.05.19 22:16:04 | 000,120,320 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Auto | Stopped] -- -- (ICQ Service)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (gusvc)
SRV - [2011.07.27 02:04:15 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.30 09:50:40 | 003,029,208 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Programme\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2009.02.20 15:37:07 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.11.18 21:36:47 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007.10.25 21:48:13 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.09.21 14:13:44 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe -- (mi-raysat_3dsmax8)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - [2011.07.27 21:17:17 | 000,611,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.07.27 18:31:59 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.02.20 21:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010.09.05 12:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010.05.05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010.02.11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.05.11 11:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.19 18:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.19 18:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.19 18:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.10.01 15:24:24 | 000,079,104 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sleen16.sys -- (SLEE_16_DRIVER)
DRV - [2008.04.14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.02.25 10:59:02 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.07.15 03:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pstrip.sys -- (PStrip)
DRV - [2006.09.18 14:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006.09.18 14:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006.09.18 14:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006.05.15 15:35:56 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006.05.15 15:35:42 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006.05.15 15:35:42 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006.05.15 15:35:36 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004.06.03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004.04.02 15:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2004.01.29 01:45:50 | 000,093,764 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003.10.09 12:52:08 | 000,475,788 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003.10.04 06:25:56 | 000,401,152 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2002.04.17 21:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)
DRV - [2001.08.10 08:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - File not found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.11 06:58:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.11 06:58:24 | 000,000,000 | ---D | M]

[2010.07.13 20:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2011.09.12 11:50:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rphnarye.default\extensions
[2011.08.20 06:05:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rphnarye.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.12 11:50:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.16 14:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.10.17 17:54:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2009.01.09 11:34:24 | 000,120,296 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npganymedenet.dll
[2011.07.29 04:06:05 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.07.29 04:06:05 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.29 04:06:05 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.29 04:06:05 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.07.29 04:06:05 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.11.11 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - File not found
O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found
O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - File not found
O4 - HKLM..\Run: [a-squared] C:\PROGRAMME\EMSISOFT ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] File not found
O4 - HKLM..\Run: [Lcass] File not found
O4 - HKLM..\Run: [Lcass.exe] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NVMixerTray] C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SAFEOEM HotKeys] File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [NBJ] C:\Programme\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1312584705375 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.11.06 02:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.09.12 10:58:36 | 000,000,112 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0a735072-8a5b-11dd-b975-000acd144af8}\Shell\Auto\command - "" = Ghost.pif
O33 - MountPoints2\{0a735072-8a5b-11dd-b975-000acd144af8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a735072-8a5b-11dd-b975-000acd144af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif
O33 - MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\Shell - "" = AutoRun
O33 - MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\Shell\1\Command - "" = G:\.\RECYCLER\Lcass.exe
O33 - MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\Shell\2\Command - "" = G:\.\RECYCLER\Lcass.exe
O33 - MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe
O33 - MountPoints2\{44dd240f-3d72-11df-9f84-00115b9916ba}\Shell - "" = AutoRun
O33 - MountPoints2\{44dd240f-3d72-11df-9f84-00115b9916ba}\Shell\1\Command - "" = .\RECYCLER\Lcass.exe
O33 - MountPoints2\{44dd240f-3d72-11df-9f84-00115b9916ba}\Shell\2\Command - "" = .\RECYCLER\Lcass.exe
O33 - MountPoints2\{44dd240f-3d72-11df-9f84-00115b9916ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{44dd240f-3d72-11df-9f84-00115b9916ba}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe
O33 - MountPoints2\{61d6735b-7757-11dd-90d8-000acd144af8}\Shell - "" = AutoRun
O33 - MountPoints2\{61d6735b-7757-11dd-90d8-000acd144af8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61d6735b-7757-11dd-90d8-000acd144af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe GREGOR-E8A07C53.vbs
O33 - MountPoints2\{61fb7812-bf76-11e0-b20c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{61fb7812-bf76-11e0-b20c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61fb7812-bf76-11e0-b20c-806d6172696f}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{62e4f800-9bcc-11de-852d-00115b9916ba}\Shell - "" = AutoRun
O33 - MountPoints2\{62e4f800-9bcc-11de-852d-00115b9916ba}\Shell\1\Command - "" = G:\.\RECYCLER\Lcass.exe
O33 - MountPoints2\{62e4f800-9bcc-11de-852d-00115b9916ba}\Shell\2\Command - "" = G:\.\RECYCLER\Lcass.exe
O33 - MountPoints2\{62e4f800-9bcc-11de-852d-00115b9916ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{62e4f800-9bcc-11de-852d-00115b9916ba}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe
O33 - MountPoints2\{79dfc565-358d-11de-a2c7-000acd144af8}\Shell\Auto\command - "" = Ghost.pif
O33 - MountPoints2\{79dfc565-358d-11de-a2c7-000acd144af8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79dfc565-358d-11de-a2c7-000acd144af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif
O33 - MountPoints2\{823aedb9-f85c-11dd-bf8d-000acd144af8}\Shell - "" = AutoRun
O33 - MountPoints2\{823aedb9-f85c-11dd-bf8d-000acd144af8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{823aedb9-f85c-11dd-bf8d-000acd144af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat
O33 - MountPoints2\{823aedb9-f85c-11dd-bf8d-000acd144af8}\Shell\ɱ¶¾(&K)\command - "" = delautorun.bat
O33 - MountPoints2\{8bbf587a-67fb-11de-9d66-000acd144af8}\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe
O33 - MountPoints2\{a784e747-90af-11de-851c-00115b9916ba}\Shell - "" = AutoRun
O33 - MountPoints2\{a784e747-90af-11de-851c-00115b9916ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a784e747-90af-11de-851c-00115b9916ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a784e9cf-90af-11de-851c-00115b9916ba}\Shell - "" = AutoRun
O33 - MountPoints2\{a784e9cf-90af-11de-851c-00115b9916ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a784e9cf-90af-11de-851c-00115b9916ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c4110cc3-53f1-11dd-95da-000acd144af8}\Shell\AutoRun\command - "" = G:\ -- File not found
O33 - MountPoints2\{c4110cc3-53f1-11dd-95da-000acd144af8}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{d9cecfe2-af9a-11df-a43b-00115b9916ba}\Shell\Auto\command - "" = Ghost.pif
O33 - MountPoints2\{d9cecfe2-af9a-11df-a43b-00115b9916ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d9cecfe2-af9a-11df-a43b-00115b9916ba}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif
O33 - MountPoints2\{dd9bad66-05dd-11df-9efa-00115b9916ba}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9bad66-05dd-11df-9efa-00115b9916ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dd9bad66-05dd-11df-9efa-00115b9916ba}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{f73115db-8be7-11dd-af18-000acd144af8}\Shell - "" = AutoRun
O33 - MountPoints2\{f73115db-8be7-11dd-af18-000acd144af8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f73115db-8be7-11dd-af18-000acd144af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LAPPI2-C1280US6.vbs
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {77114E14-E47F-2A7A-CB02-20196317EB85} - Browseranpassungen
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {963E454D-1A14-BC4B-BFF4-445C01A39003} - Microsoft Windows Media Player 6.4
ActiveX: {9D20CBE2-698F-0ED4-D3D5-4BBDAEBEC4B1} - DirectAnimation
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F31EEA19-437E-4EC0-A96B-67F56C9E16ED} - Microsoft Windows Media Player
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.09.12 18:34:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011.09.12 18:21:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Accessories
[2011.09.12 18:17:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.09.12 15:44:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Emsisoft Anti-Malware
[2011.09.12 15:44:11 | 000,000,000 | ---D | C] -- C:\Programme\Emsisoft Anti-Malware
[2011.09.12 12:56:29 | 098,884,768 | ---- | C] (Emsi Software GmbH ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\EmsisoftAntiMalwareSetup.exe
[2011.08.27 15:28:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\69886-fuer-alle-hilfesuchenden-muss-ich-vor-der-eroeffnung-eines-themas-beachten-Dateien
[2011.08.27 14:57:40 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.08.20 06:51:13 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\PrivacIE
[2011.08.19 11:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.08.19 05:03:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011.08.19 05:03:23 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2011.08.19 05:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011.08.19 05:03:10 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2011.08.19 04:38:03 | 000,000,000 | -H-D | C] -- C:\Programme\Uninstall Information
[2011.08.19 04:38:01 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache
[2011.08.19 01:26:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ESET
[2011.08.18 23:53:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011.08.18 23:00:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011.08.18 18:12:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ESET
[2011.08.18 13:43:31 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.08.16 15:00:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.09.12 18:40:53 | 000,000,316 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2011.09.12 18:34:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.09.12 18:21:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.09.12 18:20:59 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.12 17:44:50 | 000,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.09.12 17:41:50 | 000,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011.09.12 17:41:42 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011.09.12 13:01:14 | 102,532,170 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\EmsisoftEmergencyKit.zip
[2011.09.12 13:00:18 | 098,884,768 | ---- | M] (Emsi Software GmbH ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\EmsisoftAntiMalwareSetup.exe
[2011.09.05 17:14:13 | 000,184,832 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.27 15:28:47 | 000,059,972 | ---- | M] () --
C:\Dokumente und Einstellungen\Administrator\Desktop\69886-fuer-alle-hilfesuchenden-muss-ich-vor-der-eroeffnung-eines-themas-beachten.html [2011.08.27 15:16:37 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\p188zo8d.exe [2011.08.27 14:57:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2011.08.27 14:48:33 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe [2011.08.19 12:56:56 | 000,448,470 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.08.19 12:56:56 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.08.19 12:56:56 | 000,079,910 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.08.19 12:56:56 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.08.19 05:40:08 | 000,139,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.08.16 15:25:34 | 000,014,309 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\kitler4319.jpg [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.12 17:41:51 | 000,013,588 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak [2011.09.12 17:41:41 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF [2011.09.12 12:57:08 | 102,532,170 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\EmsisoftEmergencyKit.zip [2011.08.27 15:31:10 | 000,000,316 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2011.08.27 15:28:46 | 000,059,972 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\69886-fuer-alle-hilfesuchenden-muss-ich-vor-der-eroeffnung-eines-themas-beachten.html [2011.08.27 15:16:37 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\p188zo8d.exe [2011.08.27 14:48:31 | 000,050,477 | ---- | C] () 
-- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe [2011.08.16 15:25:33 | 000,014,309 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\kitler4319.jpg [2011.08.11 13:29:33 | 001,547,414 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\you.bmp [2011.08.06 03:33:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE [2011.08.05 22:43:31 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2011.08.05 17:35:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2011.07.27 12:33:48 | 000,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011.07.27 02:31:17 | 000,000,080 | ---- | C] () -- C:\WINDOWS\sierra.ini [2010.02.14 01:48:06 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2010.02.11 06:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2010.02.11 06:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009.10.15 15:00:01 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2009.04.24 00:29:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2008.01.25 03:03:02 | 000,000,159 | ---- | C] () -- C:\WINDOWS\ChssBase.ini [2008.01.19 19:10:19 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2008.01.19 19:03:39 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2008.01.18 01:38:17 | 000,001,332 | ---- | C] () -- C:\WINDOWS\mozver.dat [2008.01.18 00:15:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007.10.29 17:42:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI [2007.10.09 18:11:57 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll [2007.10.09 18:11:45 | 000,065,024 | ---- | C] () -- C:\WINDOWS\IFinst26.exe [2007.10.08 23:29:01 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.10.03 03:29:31 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale 
Einstellungen\Anwendungsdaten\fusioncache.dat [2007.07.08 18:23:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\sipo4.ini [2007.07.08 14:10:59 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe [2007.05.20 06:26:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliards.INI [2007.03.06 02:29:26 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\IWUninstall.exe [2006.11.23 19:30:34 | 000,001,525 | ---- | C] () -- C:\WINDOWS\eReg.dat [2006.11.15 21:49:13 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006.11.06 03:35:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.11.06 03:21:13 | 001,262,956 | ---- | C] () -- C:\WINDOWS\System32\XMNT2001.EXE [2006.11.06 03:21:13 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS [2006.11.06 03:17:26 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini [2006.11.06 03:15:43 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2006.11.06 03:15:34 | 000,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat [2006.11.06 03:14:15 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2006.11.06 03:14:15 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2006.11.06 03:14:02 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe [2006.11.06 03:14:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll [2006.11.06 03:11:23 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin [2006.11.06 03:11:23 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin [2006.11.06 03:08:36 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini [2006.11.06 03:06:57 | 000,184,832 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.11.06 02:57:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.11.06 02:51:53 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006.11.06 02:45:41 | 000,004,161 | ---- | C] () -- 
C:\WINDOWS\ODBCINST.INI [2006.11.06 02:44:32 | 000,139,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004.12.20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2004.12.20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2004.11.11 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.11.11 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.11.11 14:00:00 | 000,448,470 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.11.11 14:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.11.11 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.11.11 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.11.11 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.11.11 14:00:00 | 000,079,910 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.11.11 14:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.11.11 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.11.11 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.11.11 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.11.11 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.11.11 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.11.11 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004.11.11 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004.10.27 00:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll ========== LOP Check ========== [2011.08.18 18:12:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Aboz [2011.08.05 17:15:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Azureus 
[2011.08.06 01:49:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite [2011.08.11 13:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Fomiwi [2011.08.11 13:35:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Iruke [2010.07.13 20:13:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\streamripper [2007.10.03 04:12:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Teleca [2011.08.18 18:14:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ugwog [2009.02.20 15:35:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk [2008.01.19 18:58:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2011.07.27 18:31:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2009.10.15 15:04:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro [2008.09.03 23:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2008.01.19 19:03:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2008.07.11 00:38:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2008.01.20 20:31:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.08.05 17:27:14 | 000,000,000 | ---D | M] -- C:\ATI [2010.07.13 02:24:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011.08.05 22:00:22 | 000,000,000 | ---D | M] -- C:\NVIDIA [2011.07.28 15:41:32 | 000,000,000 | ---D | M] -- C:\peterskleinesordnerchen [2011.09.12 18:00:06 | 000,000,000 | ---D | M] -- C:\Programme [2011.08.18 18:32:45 | 000,000,000 | -H-D | M] -- C:\Recycle.Bi [2006.11.06 03:17:38 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011.07.27 01:56:53 | 000,000,000 | ---D | M] -- C:\Sierra [2011.08.11 12:55:36 | 000,000,000 | ---D | M] -- C:\spoolerlogs [2008.08.27 22:55:33 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.09.12 18:34:56 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: EXPLORER.EXE > [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: REGEDIT.EXE > [2004.11.11 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe [2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) 
MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.11.11 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.11.11 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-12 16:34:57
========== Alternate Data Streams ==========
@Alternate Data Stream - 103 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FDCBDD8E
< End of report > <<
An Extras.txt was not created; I am attaching an old one here as a .rar file. Also, the computer freezes when I start Gmer.exe and begin the scan. Can I avoid a reinstall? I hope I have followed everything correctly and would appreciate any help. Regards, Edgar
Last edited by edgar_w (12.09.2011 at 20:29); reason: problems with quoting and could not upload the .rar |
12.09.2011, 21:28 | #2 |
/// Malwareteam | Emsisoft Antimalware finds trojan and virus
A cleanup can mean a lot of work for you.
Note: I can never guarantee that I will find everything. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Vista and Win7 users: start all tools via right-click "Run as administrator". Step 1: Please download defogger by jpshortstuff to your desktop.
Once we have finished the cleanup, please run defogger again and click the Re-enable button. Step 2: Download Flash Disinfector by sUBs and save Flash_Disinfector.exe to your desktop. Now proceed as follows (instructions):
Flash Disinfector disinfects all your drives from autorun infections and creates a hidden folder with the same name, so that your storage media are protected against this infection in future. During the scan your desktop will briefly disappear and then come back. That is normal. Step 3
Code:
ATTFilter :OTL O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] File not found O4 - HKLM..\Run: [Lcass] File not found O4 - HKLM..\Run: [Lcass.exe] File not found O32 - AutoRun File - [2011.09.12 10:58:36 | 000,000,112 | ---- | M] () - G:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{0a735072-8a5b-11dd-b975-000acd144af8}\Shell\Auto\command - "" = Ghost.pif O33 - MountPoints2\{0a735072-8a5b-11dd-b975-000acd144af8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{0a735072-8a5b-11dd-b975-000acd144af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif O33 - MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\Shell - "" = AutoRun O33 - MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\Shell\1\Command - "" = G:\.\RECYCLER\Lcass.exe O33 - MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\Shell\2\Command - "" = G:\.\RECYCLER\Lcass.exe O33 - MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe O33 - MountPoints2\{44dd240f-3d72-11df-9f84-00115b9916ba}\Shell - "" = AutoRun O33 - MountPoints2\{44dd240f-3d72-11df-9f84-00115b9916ba}\Shell\1\Command - "" = .\RECYCLER\Lcass.exe O33 - MountPoints2\{44dd240f-3d72-11df-9f84-00115b9916ba}\Shell\2\Command - "" = .\RECYCLER\Lcass.exe O33 - MountPoints2\{44dd240f-3d72-11df-9f84-00115b9916ba}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{44dd240f-3d72-11df-9f84-00115b9916ba}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe O33 - MountPoints2\{61d6735b-7757-11dd-90d8-000acd144af8}\Shell - "" = AutoRun O33 - MountPoints2\{61d6735b-7757-11dd-90d8-000acd144af8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{61d6735b-7757-11dd-90d8-000acd144af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 
wscript.exe GREGOR-E8A07C53.vbs O33 - MountPoints2\{61fb7812-bf76-11e0-b20c-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{61fb7812-bf76-11e0-b20c-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{61fb7812-bf76-11e0-b20c-806d6172696f}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{62e4f800-9bcc-11de-852d-00115b9916ba}\Shell - "" = AutoRun O33 - MountPoints2\{62e4f800-9bcc-11de-852d-00115b9916ba}\Shell\1\Command - "" = G:\.\RECYCLER\Lcass.exe O33 - MountPoints2\{62e4f800-9bcc-11de-852d-00115b9916ba}\Shell\2\Command - "" = G:\.\RECYCLER\Lcass.exe O33 - MountPoints2\{62e4f800-9bcc-11de-852d-00115b9916ba}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{62e4f800-9bcc-11de-852d-00115b9916ba}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe O33 - MountPoints2\{79dfc565-358d-11de-a2c7-000acd144af8}\Shell\Auto\command - "" = Ghost.pif O33 - MountPoints2\{79dfc565-358d-11de-a2c7-000acd144af8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{79dfc565-358d-11de-a2c7-000acd144af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif O33 - MountPoints2\{823aedb9-f85c-11dd-bf8d-000acd144af8}\Shell - "" = AutoRun O33 - MountPoints2\{823aedb9-f85c-11dd-bf8d-000acd144af8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{823aedb9-f85c-11dd-bf8d-000acd144af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat O33 - MountPoints2\{823aedb9-f85c-11dd-bf8d-000acd144af8}\Shell\ɱ¶¾(&K)\command - "" = delautorun.bat O33 - MountPoints2\{8bbf587a-67fb-11de-9d66-000acd144af8}\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe O33 - MountPoints2\{a784e747-90af-11de-851c-00115b9916ba}\Shell - "" = AutoRun O33 - MountPoints2\{a784e747-90af-11de-851c-00115b9916ba}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a784e747-90af-11de-851c-00115b9916ba}\Shell\AutoRun\command - "" = 
G:\AutoRun.exe O33 - MountPoints2\{a784e9cf-90af-11de-851c-00115b9916ba}\Shell - "" = AutoRun O33 - MountPoints2\{a784e9cf-90af-11de-851c-00115b9916ba}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a784e9cf-90af-11de-851c-00115b9916ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c4110cc3-53f1-11dd-95da-000acd144af8}\Shell\AutoRun\command - "" = G:\ -- File not found O33 - MountPoints2\{c4110cc3-53f1-11dd-95da-000acd144af8}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O33 - MountPoints2\{d9cecfe2-af9a-11df-a43b-00115b9916ba}\Shell\Auto\command - "" = Ghost.pif O33 - MountPoints2\{d9cecfe2-af9a-11df-a43b-00115b9916ba}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d9cecfe2-af9a-11df-a43b-00115b9916ba}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif O33 - MountPoints2\{dd9bad66-05dd-11df-9efa-00115b9916ba}\Shell - "" = AutoRun O33 - MountPoints2\{dd9bad66-05dd-11df-9efa-00115b9916ba}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{dd9bad66-05dd-11df-9efa-00115b9916ba}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe O33 - MountPoints2\{f73115db-8be7-11dd-af18-000acd144af8}\Shell - "" = AutoRun O33 - MountPoints2\{f73115db-8be7-11dd-af18-000acd144af8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f73115db-8be7-11dd-af18-000acd144af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LAPPI2-C1280US6.vbs @Alternate Data Stream - 103 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FDCBDD8E :Commands [purity] [emptytemp]
Step 4: Please
|
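The O33 MountPoints2 entries in the OTL fix above are the per-volume autorun handlers Explorer keeps for every removable drive it has seen. The following Python script is an added example, not part of the forum post or of OTL: it parses such lines (the sample is a constructed subset of the entries quoted in this thread) and flags the handler patterns that distinguish the autorun worm here from a vendor installer, so a reader can see why those particular keys were selected for removal.

```python
"""Triage OTL 'O33 - MountPoints2' entries for autorun-worm handlers.

Each O33 line mirrors a registry value under
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\{volume GUID}\\Shell\\...
that tells Explorer what to run when a removable volume is opened. A vendor
autorun points at an installer on the volume itself (F:\\setup.exe); the worm
pattern in this thread hides the payload in RECYCLER, uses a .pif or a .vbs
started through wscript, and indirects through
"RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL" so the value starts with a
Windows binary. The script only reads log text; it changes nothing.
"""
import re
from dataclasses import dataclass, field

O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}\\(?P<key>.+?) - "" = (?P<value>.*)$'
)

# (reason, pattern) pairs applied to the command string of a *\command key.
INDICATORS = [
    ("payload in a RECYCLER folder (mimics the recycle bin)", re.compile(r"RECYCLER\\", re.I)),
    ("indirected through ShellExec_RunDLL", re.compile(r"ShellExec_RunDLL", re.I)),
    ("script host / .vbs started by autorun", re.compile(r"\bwscript\.exe\b|\.vbs\b", re.I)),
    (".pif or .bat handler", re.compile(r"\.(pif|bat)\b", re.I)),
    ("relative path, resolved against whichever volume is mounted", re.compile(r"(^|\s)\.\\")),
]


@dataclass
class Handler:
    guid: str
    key: str                # e.g. Shell\AutoRun\command
    value: str
    reasons: list = field(default_factory=list)

    @property
    def is_command(self) -> bool:
        # Only *\command keys hold something Explorer executes; Shell and
        # Shell\AutoRun carry the verb name / menu caption.
        return self.key.lower().endswith("\\command")


def parse_o33(lines):
    """Parse O33 lines into Handler records; non-O33 lines are ignored."""
    handlers = []
    for line in lines:
        m = O33_RE.match(line.strip())
        if not m:
            continue
        h = Handler(m["guid"].lower(), m["key"], m["value"].strip())
        if h.is_command:
            h.reasons = [why for why, rx in INDICATORS if rx.search(h.value)]
        handlers.append(h)
    return handlers


def suspicious_volumes(handlers):
    """Volume GUID -> sorted list of reasons, only for volumes with a hit."""
    hits = {}
    for h in handlers:
        if h.reasons:
            hits.setdefault(h.guid, set()).update(h.reasons)
    return {g: sorted(r) for g, r in hits.items()}


# Constructed sample: a subset of the O33 lines quoted in this thread.
SAMPLE_O33 = r'''
O33 - MountPoints2\{0a735072-8a5b-11dd-b975-000acd144af8}\Shell\Auto\command - "" = Ghost.pif
O33 - MountPoints2\{0a735072-8a5b-11dd-b975-000acd144af8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a735072-8a5b-11dd-b975-000acd144af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif
O33 - MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\Shell - "" = AutoRun
O33 - MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\Shell\1\Command - "" = G:\.\RECYCLER\Lcass.exe
O33 - MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe
O33 - MountPoints2\{61d6735b-7757-11dd-90d8-000acd144af8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe GREGOR-E8A07C53.vbs
O33 - MountPoints2\{61fb7812-bf76-11e0-b20c-806d6172696f}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{c4110cc3-53f1-11dd-95da-000acd144af8}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{8bbf587a-67fb-11de-9d66-000acd144af8}\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe
'''.strip().splitlines()


if __name__ == "__main__":
    parsed = parse_o33(SAMPLE_O33)
    flagged = suspicious_volumes(parsed)
    for guid, reasons in flagged.items():
        print(f"{guid}: " + "; ".join(reasons))
    clean = {h.guid for h in parsed if h.is_command} - set(flagged)
    print("no indicator hits (vendor-style autorun):", sorted(clean))
```

Volumes without a hit (F:\setup.exe, G:\Toshiba\more4you.exe) still appear in the OTL fix because MountPoints2 entries are cached per volume GUID and carry no value once the infection is cleaned; the script separates "why remove" from "what was removed".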
12.09.2011, 22:57 | #3 |
| Emsisoft Antimalware finds trojan and virus
First of all, thanks for the quick help,
Regarding step 1:
>>>defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:48 on 12/09/2011 (Administrator)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCUAEMON Tools Lite -> Removed
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-<<<
In the last window I then pressed neither Re-enable nor Disable, but just closed it with the X in the top right.
Regarding step 2: I had two USB sticks connected (those are flash storage, right?) and ran it as instructed.
Regarding step 3:
>>>All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FLMOFFICE4DMOUSE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Lcass deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Lcass.exe deleted successfully.
Folder move failed. G:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a735072-8a5b-11dd-b975-000acd144af8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a735072-8a5b-11dd-b975-000acd144af8}\ not found.
File Ghost.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a735072-8a5b-11dd-b975-000acd144af8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a735072-8a5b-11dd-b975-000acd144af8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a735072-8a5b-11dd-b975-000acd144af8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a735072-8a5b-11dd-b975-000acd144af8}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e2b1579-b1b3-11de-8551-00115b9916ba}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e2b1579-b1b3-11de-8551-00115b9916ba}\ not found. File G:\.\RECYCLER\Lcass.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e2b1579-b1b3-11de-8551-00115b9916ba}\ not found. File G:\.\RECYCLER\Lcass.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e2b1579-b1b3-11de-8551-00115b9916ba}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e2b1579-b1b3-11de-8551-00115b9916ba}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e2b1579-b1b3-11de-8551-00115b9916ba}\ not found. File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44dd240f-3d72-11df-9f84-00115b9916ba}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44dd240f-3d72-11df-9f84-00115b9916ba}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44dd240f-3d72-11df-9f84-00115b9916ba}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44dd240f-3d72-11df-9f84-00115b9916ba}\ not found. 
File .\RECYCLER\Lcass.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44dd240f-3d72-11df-9f84-00115b9916ba}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44dd240f-3d72-11df-9f84-00115b9916ba}\ not found. File .\RECYCLER\Lcass.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44dd240f-3d72-11df-9f84-00115b9916ba}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44dd240f-3d72-11df-9f84-00115b9916ba}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44dd240f-3d72-11df-9f84-00115b9916ba}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44dd240f-3d72-11df-9f84-00115b9916ba}\ not found. File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61d6735b-7757-11dd-90d8-000acd144af8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61d6735b-7757-11dd-90d8-000acd144af8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61d6735b-7757-11dd-90d8-000acd144af8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61d6735b-7757-11dd-90d8-000acd144af8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61d6735b-7757-11dd-90d8-000acd144af8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61d6735b-7757-11dd-90d8-000acd144af8}\ not found. File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe GREGOR-E8A07C53.vbs not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61fb7812-bf76-11e0-b20c-806d6172696f}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61fb7812-bf76-11e0-b20c-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61fb7812-bf76-11e0-b20c-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61fb7812-bf76-11e0-b20c-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61fb7812-bf76-11e0-b20c-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61fb7812-bf76-11e0-b20c-806d6172696f}\ not found. File F:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62e4f800-9bcc-11de-852d-00115b9916ba}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62e4f800-9bcc-11de-852d-00115b9916ba}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62e4f800-9bcc-11de-852d-00115b9916ba}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62e4f800-9bcc-11de-852d-00115b9916ba}\ not found. File G:\.\RECYCLER\Lcass.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62e4f800-9bcc-11de-852d-00115b9916ba}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62e4f800-9bcc-11de-852d-00115b9916ba}\ not found. File G:\.\RECYCLER\Lcass.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62e4f800-9bcc-11de-852d-00115b9916ba}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62e4f800-9bcc-11de-852d-00115b9916ba}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62e4f800-9bcc-11de-852d-00115b9916ba}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62e4f800-9bcc-11de-852d-00115b9916ba}\ not found. 
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79dfc565-358d-11de-a2c7-000acd144af8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79dfc565-358d-11de-a2c7-000acd144af8}\ not found.
File Ghost.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79dfc565-358d-11de-a2c7-000acd144af8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79dfc565-358d-11de-a2c7-000acd144af8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79dfc565-358d-11de-a2c7-000acd144af8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79dfc565-358d-11de-a2c7-000acd144af8}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{823aedb9-f85c-11dd-bf8d-000acd144af8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{823aedb9-f85c-11dd-bf8d-000acd144af8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{823aedb9-f85c-11dd-bf8d-000acd144af8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{823aedb9-f85c-11dd-bf8d-000acd144af8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{823aedb9-f85c-11dd-bf8d-000acd144af8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{823aedb9-f85c-11dd-bf8d-000acd144af8}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{823aedb9-f85c-11dd-bf8d-000acd144af8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{823aedb9-f85c-11dd-bf8d-000acd144af8}\ not found.
File delautorun.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbf587a-67fb-11de-9d66-000acd144af8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bbf587a-67fb-11de-9d66-000acd144af8}\ not found.
File G:\Toshiba\more4you.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a784e747-90af-11de-851c-00115b9916ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a784e747-90af-11de-851c-00115b9916ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a784e747-90af-11de-851c-00115b9916ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a784e747-90af-11de-851c-00115b9916ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a784e747-90af-11de-851c-00115b9916ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a784e747-90af-11de-851c-00115b9916ba}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a784e9cf-90af-11de-851c-00115b9916ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a784e9cf-90af-11de-851c-00115b9916ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a784e9cf-90af-11de-851c-00115b9916ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a784e9cf-90af-11de-851c-00115b9916ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a784e9cf-90af-11de-851c-00115b9916ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a784e9cf-90af-11de-851c-00115b9916ba}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4110cc3-53f1-11dd-95da-000acd144af8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4110cc3-53f1-11dd-95da-000acd144af8}\ not found.
Item G:\ is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4110cc3-53f1-11dd-95da-000acd144af8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4110cc3-53f1-11dd-95da-000acd144af8}\ not found.
File rundll32.exe .\desktop.dll,InstallM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9cecfe2-af9a-11df-a43b-00115b9916ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9cecfe2-af9a-11df-a43b-00115b9916ba}\ not found.
File Ghost.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9cecfe2-af9a-11df-a43b-00115b9916ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9cecfe2-af9a-11df-a43b-00115b9916ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9cecfe2-af9a-11df-a43b-00115b9916ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9cecfe2-af9a-11df-a43b-00115b9916ba}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd9bad66-05dd-11df-9efa-00115b9916ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd9bad66-05dd-11df-9efa-00115b9916ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd9bad66-05dd-11df-9efa-00115b9916ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd9bad66-05dd-11df-9efa-00115b9916ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd9bad66-05dd-11df-9efa-00115b9916ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd9bad66-05dd-11df-9efa-00115b9916ba}\ not found.
File G:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f73115db-8be7-11dd-af18-000acd144af8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f73115db-8be7-11dd-af18-000acd144af8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f73115db-8be7-11dd-af18-000acd144af8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f73115db-8be7-11dd-af18-000acd144af8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f73115db-8be7-11dd-af18-000acd144af8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f73115db-8be7-11dd-af18-000acd144af8}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LAPPI2-C1280US6.vbs not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FDCBDD8E deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 139932112 bytes
->Temporary Internet Files folder emptied: 6480855 bytes
->Java cache emptied: 54277476 bytes
->FireFox cache emptied: 92878782 bytes
->Google Chrome cache emptied: 594288 bytes
->Flash cache emptied: 470 bytes

User: All Users

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1225817 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 382154 bytes
RecycleBin emptied: 29506506 bytes

Total Files Cleaned = 310,00 mb

OTL by OldTimer - Version 3.2.26.5 log created on 09122011_231223

Files\Folders moved on Reboot...
Folder move failed. G:\autorun.inf scheduled to be moved on reboot.
C:\WINDOWS\temp\6622cb9f moved successfully.
File move failed. C:\WINDOWS\temp\a39d5762 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\e9f75c66 scheduled to be moved on reboot.

Registry entries deleted on Reboot...
<<<

On step 4: I get as far as the instruction "Start the scan with "Scan"". It starts scanning very briefly and then the computer hangs. The window shows cryptic letters: Type=?; Name=JERGRQF@|@J@; Value= Die Syntax für die Datei... and below that, under sections: C:\\WINDOWS\system32\driversALCXWDM.SYS. At that point the whole computer freezes and nothing works anymore; the only option is to switch it off and on again with the power button.

Regards, Edgar |
13.09.2011, 13:45 | #4 |
| Hello Swiss, continuing with step 4: I had overlooked that A2guard.exe was still running in Task Manager after I had shut down the Emsi AMW guard. The process could not be terminated either. I then disconnected the PC from the network, uninstalled Emsi completely, and was then able to scan with GMER. After that I reinstalled Emsi AMW and went back online to post here. A bit complicated, but was that OK? Is there a simpler way to deactivate the guard for the scan? Here is the log:

GMER Logfile: Code:
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-09-13 14:23:15
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000072 ExcelStor_Technology_J880 rev.PF2OA21B
Running: ckpjqk7n.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pfncyaod.sys

---- Kernel code sections - GMER 1.0.15 ----

? ]ERGRQF@@J@ Die Syntax für den Dateinamen, Verzeichnisnamen oder die Datenträgerbezeichnung ist falsch. !
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF7BA6A80]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF7798000, 0x1C5D38, 0xE8000020]
? system32\drivers\xpsec.sys Das System kann den angegebenen Pfad nicht finden. !
? system32\drivers\xcpip.sys Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[828] Secur32.dll!LsaLogonUser 77FC33F1 5 Bytes JMP 01A32C81
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1624] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00EA9FFA
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1624] WS2_32.dll!send 71A14C27 5 Bytes JMP 00EA9B97
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1624] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00EA9EAC
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1624] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00EA9C78
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1624] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00EA9D4B
.text C:\WINDOWS\Explorer.EXE[1696] USER32.dll!DisplayExitWindowsWarnings 7E3A9F91 5 Bytes JMP 01782A93
.text C:\WINDOWS\Explorer.EXE[1696] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 022B9FFA
.text C:\WINDOWS\Explorer.EXE[1696] WS2_32.dll!send 71A14C27 5 Bytes JMP 022B9B97
.text C:\WINDOWS\Explorer.EXE[1696] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 022B9EAC
.text C:\WINDOWS\Explorer.EXE[1696] WS2_32.dll!recv 71A1676F 5 Bytes JMP 022B9C78
.text C:\WINDOWS\Explorer.EXE[1696] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 022B9D4B
.text C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe[1800] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00D29FFA
.text C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe[1800] WS2_32.dll!send 71A14C27 5 Bytes JMP 00D29B97
.text C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe[1800] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00D29EAC
.text C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe[1800] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00D29C78
.text C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe[1800] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00D29D4B
.text C:\Programme\Java\jre6\bin\jqs.exe[1888] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 01AB9FFA
.text C:\Programme\Java\jre6\bin\jqs.exe[1888] WS2_32.dll!send 71A14C27 5 Bytes JMP 01AB9B97
.text C:\Programme\Java\jre6\bin\jqs.exe[1888] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 01AB9EAC
.text C:\Programme\Java\jre6\bin\jqs.exe[1888] WS2_32.dll!recv 71A1676F 5 Bytes JMP 01AB9C78
.text C:\Programme\Java\jre6\bin\jqs.exe[1888] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 01AB9D4B
.text C:\WINDOWS\System32\alg.exe[2284] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00BC9FFA
.text C:\WINDOWS\System32\alg.exe[2284] WS2_32.dll!send 71A14C27 5 Bytes JMP 00BC9B97
.text C:\WINDOWS\System32\alg.exe[2284] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00BC9EAC
.text C:\WINDOWS\System32\alg.exe[2284] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00BC9C78
.text C:\WINDOWS\System32\alg.exe[2284] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00BC9D4B

---- Devices - GMER 1.0.15 ----

Device \Driver\nvatabus \Device\00000072 ]ERGRQF@@J@
Device \Driver\nvatabus \Device\00000073 ]ERGRQF@@J@
Device \Driver\nvatabus \Device\00000074 ]ERGRQF@@J@
Device \Driver\nvatabus \Device\NvAta0 ]ERGRQF@@J@

---- EOF - GMER 1.0.15 ----

Does that look right??? Regards, Edgar |
13.09.2011, 17:50 | #5 |
/// Malwareteam | Please download Malwarebytes
|
14.09.2011, 14:21 | #6 |
| Hi Swiss, after I reinstalled the Emsisoft program because of the GMER scan and posted here, I ran the scanner again and it found two new files. First the Emsi log, then the one from Malwarebytes:

Emsisoft Anti-Malware - Version 5.1
Letztes Update: 13.09.2011 18:31:40

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Speicher, Traces, C:\, D:\, E:\, H:\
Archiv Scan: An
Heuristik: Aus
ADS Scan: An

Scan Beginn: 13.09.2011 18:40:42

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\47\291f6e6f-33da5dc1/mail/Cid.class gefunden: Trojan-Downloader.Java.Wanglerimtom!IK
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\47\291f6e6f-33da5dc1/mail/VirtualTable.class gefunden: Trojan-Downloader.Java.Wanglerimtom!IK

Gescannt
Dateien: 116471
Traces: 655558
Cookies: 0
Prozesse: 25

Gefunden
Dateien: 2
Traces: 0
Cookies: 0
Prozesse: 0
Registry Keys: 0

Scan Ende: 13.09.2011 23:14:09
Scan Zeit: 4:33:27

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\47\291f6e6f-33da5dc1/mail/Cid.class Quarantäne Trojan-Downloader.Java.Wanglerimtom!IK

Quarantäne
Dateien: 2
Traces: 0
Cookies: 0

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7713

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14.09.2011 14:58:09
mbam-log-2011-09-14 (14-58-09).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146252
Laufzeit: 17 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

This is the first and only Malwarebytes log I have. Unless I hear otherwise from you, I will keep Emsi AMW running.

Regards, Edgar

Edited by edgar_w (14.09.2011 at 14:25) Reason: small addendum |
14.09.2011, 22:13 | #7 |
/// Malwareteam | Please download OTL by OldTimer and save it to your desktop (if you do not already have it)
|
15.09.2011, 01:29 | #8 |
| Hi Swiss, here are the logs:

OTL Logfile: Code:
OTL logfile created on: 15.09.2011 02:21:24 - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,48 Mb Total Physical Memory | 172,88 Mb Available Physical Memory | 33,80% Memory free
1,22 Gb Paging File | 0,76 Gb Available in Paging File | 62,60% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 4,00 Gb Free Space | 20,46% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 29,23 Gb Free Space | 99,75% Space Free | Partition Type: NTFS
Drive E: | 27,85 Gb Total Space | 10,25 Gb Free Space | 36,80% Space Free | Partition Type: NTFS
Drive H: | 149,05 Gb Total Space | 119,57 Gb Free Space | 80,22% Space Free | Partition Type: NTFS

Computer Name: XXX-79B56EFB979 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Emsisoft Anti-Malware\a2guard.exe (Emsi Software GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
========== Modules (No Company Name) ==========

MOD - C:\Programme\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe ()

========== Win32 Services (SafeList) ==========

SRV - (nosGetPlusHelper) getPlus(R) -- File not found
SRV - (ICQ Service) -- File not found
SRV - (HidServ) -- File not found
SRV - (gusvc) -- File not found
SRV - (Steam Client Service) -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe (Valve Corporation)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (Autodesk Licensing Service) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (Macromedia Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (mi-raysat_3dsmax8) -- C:\Programme\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe ()

========== Driver Services (SafeList) ==========

DRV - (xpsec) -- File not found
DRV - (xcpip) -- File not found
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsi Software GmbH)
DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SLEE_16_DRIVER) -- C:\WINDOWS\system32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (PStrip) -- C:\WINDOWS\system32\drivers\pstrip.sys (EnTech Taiwan)
DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI)
DRV - (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI)
DRV - (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI)
DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI)
DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI)
DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI)
DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (Asapi) -- C:\WINDOWS\System32\drivers\asapi.sys (VOB Computersysteme GmbH)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - File not found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.11 06:58:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.11 06:58:24 | 000,000,000 | ---D | M]

[2010.07.13 20:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2011.09.14 13:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rphnarye.default\extensions
[2011.08.20 06:05:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\rphnarye.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.14 13:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.16 14:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.10.17 17:54:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2009.01.09 11:34:24 | 000,120,296 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npganymedenet.dll
[2011.07.29 04:06:05 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.07.29 04:06:05 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.29 04:06:05 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.29 04:06:05 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.07.29 04:06:05 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.11.11 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found
O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - File not found
O4 - HKLM..\Run: [a-squared] C:\PROGRAMME\EMSISOFT ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NVMixerTray] C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SAFEOEM HotKeys] File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [NBJ] C:\Programme\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1312584705375 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.11.06 02:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.09.12 22:56:03 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.09.12 22:56:04 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.09.12 22:56:04 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.09.12 22:56:05 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.09.14 13:22:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2011.09.14 13:21:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.09.14 13:21:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.09.14 13:21:44 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.09.14 13:21:44 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.09.13 14:25:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Emsisoft Anti-Malware
[2011.09.13 14:24:36 | 000,000,000 | ---D | C] -- C:\Programme\Emsisoft Anti-Malware
[2011.09.12 23:12:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.09.12 22:56:03 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2011.09.12 22:52:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\103358-emisoft-antimalware-findet-trojaner-und-virus-Dateien
[2011.09.12 18:21:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Accessories
[2011.09.12 18:17:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.09.12 17:41:40 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pidgen.dll.wga
[2011.09.12 17:41:39 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpcdll.dll.wga
[2011.09.12 12:56:29 | 098,884,768 | ---- | C] (Emsi Software GmbH ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\EmsisoftAntiMalwareSetup.exe
[2011.09.03 12:17:13 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011.08.27 15:28:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\69886-fuer-alle-hilfesuchenden-muss-ich-vor-der-eroeffnung-eines-themas-beachten-Dateien
[2011.08.27 14:57:40 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.08.20 06:51:13 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\PrivacIE
[2011.08.19 11:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.08.19 11:41:30 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011.08.19 11:41:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011.08.19 11:41:17 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011.08.19 11:41:11 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011.08.19 11:41:08 | 011,081,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011.08.19 05:03:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011.08.19 05:03:23 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2011.08.19 05:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011.08.19 05:03:10 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2011.08.19 05:02:26 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011.08.19 05:02:26 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011.08.19 05:02:26 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011.08.19 05:02:26 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011.08.19 05:02:25 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011.08.19 05:02:25 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011.08.19 04:38:03 | 000,000,000 | -H-D | C] -- C:\Programme\Uninstall Information
[2011.08.19 04:38:01 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache
[2011.08.19 01:26:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ESET
[2011.08.18 23:53:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011.08.18 23:10:49 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011.08.18 23:08:20 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011.08.18 23:08:17 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011.08.18 23:08:17 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011.08.18 23:08:15 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011.08.18 23:08:11 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2011.08.18 23:07:40 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2011.08.18 23:07:30 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011.08.18 23:07:08 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011.08.18 23:07:05 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011.08.18 23:07:03 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011.08.18 23:06:44 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011.08.18 23:06:33 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011.08.18 23:06:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011.08.18 23:03:30 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2011.08.18 23:02:03 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011.08.18 23:01:29 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011.08.18 23:01:27 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011.08.18 23:01:05 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011.08.18 23:00:51 | 002,151,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011.08.18 23:00:50 | 002,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011.08.18 23:00:50 | 002,029,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011.08.18 23:00:48 | 002,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011.08.18 23:00:43 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011.08.18 23:00:30 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011.08.18 23:00:29 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2011.08.18 23:00:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011.08.18 18:12:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ESET
[2011.08.18 13:43:31 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.08.16 15:00:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2011.08.16 14:59:57 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.08.16 14:59:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.08.16 14:59:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.08.16 14:59:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

========== Files - Modified Within 30 Days ==========

[2011.09.15 02:08:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.09.15 02:08:42 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.14 04:44:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.09.13 13:32:28 | 000,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.09.12 23:31:27 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ckpjqk7n.exe
[2011.09.12 22:52:47 | 000,142,953 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\103358-emisoft-antimalware-findet-trojaner-und-virus.html
[2011.09.12 22:48:46 | 000,000,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2011.09.12 22:43:52 | 000,132,597 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Flash_Disinfector.exe
[2011.09.12 21:18:53 | 000,006,812 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Extras.rar
[2011.09.12 17:41:50 | 000,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011.09.12 17:41:42 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011.09.12 13:01:14 | 102,532,170 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\EmsisoftEmergencyKit.zip
[2011.09.12 13:00:18 | 098,884,768 | ---- | M] (Emsi Software GmbH ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\EmsisoftAntiMalwareSetup.exe
[2011.09.09 11:11:59 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011.09.05 17:14:13 | 000,184,832 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.08.27 15:28:47 | 000,059,972 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\69886-fuer-alle-hilfesuchenden-muss-ich-vor-der-eroeffnung-eines-themas-beachten.html
[2011.08.27 14:57:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.08.27 14:48:33 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
[2011.08.19 12:56:56 | 000,448,470 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.08.19 12:56:56 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.08.19 12:56:56 | 000,079,910 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.08.19 12:56:56 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.08.19 05:40:08 | 000,139,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.08.16 15:25:34 | 000,014,309 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\kitler4319.jpg

========== Files Created - No Company Name ==========

[2011.09.12 23:31:26 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ckpjqk7n.exe
[2011.09.12 22:52:43 | 000,142,953 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\103358-emisoft-antimalware-findet-trojaner-und-virus.html
[2011.09.12 22:43:52 | 000,132,597 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Flash_Disinfector.exe
[2011.09.12 21:18:53 | 000,006,812 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Extras.rar
[2011.09.12 17:41:51 | 000,013,588 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011.09.12 17:41:41 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011.09.12 12:57:08 | 102,532,170 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\EmsisoftEmergencyKit.zip
[2011.08.27 15:31:10 | 000,000,464 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2011.08.27 15:28:46 | 000,059,972 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\69886-fuer-alle-hilfesuchenden-muss-ich-vor-der-eroeffnung-eines-themas-beachten.html
[2011.08.27 14:48:31 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
[2011.08.16 15:25:33 | 000,014,309 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\kitler4319.jpg
[2011.08.11 13:29:33 | 001,547,414 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\you.bmp
[2011.08.06 03:33:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE
[2011.08.05 22:43:31 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011.08.05 17:35:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.07.27 12:33:48 | 000,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011.07.27 02:31:17 | 000,000,080 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2010.02.14 01:48:06 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2010.02.11 06:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010.02.11 06:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.10.15 15:00:01 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009.04.24 00:29:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008.01.25 03:03:02 | 000,000,159 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2008.01.19 19:10:19 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2008.01.19 19:03:39 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008.01.18 01:38:17 | 000,001,332 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008.01.18 00:15:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007.10.29 17:42:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007.10.09 18:11:57 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2007.10.09 18:11:45 | 000,065,024 | ---- | C] () -- C:\WINDOWS\IFinst26.exe
[2007.10.08 23:29:01 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.10.03 03:29:31 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.07.08 18:23:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\sipo4.ini
[2007.07.08 14:10:59 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
[2007.05.20 06:26:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliards.INI
[2007.03.06 02:29:26 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\IWUninstall.exe
[2006.11.23 19:30:34 | 000,001,525 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006.11.15 21:49:13 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.11.06 03:35:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.11.06 03:21:13 | 001,262,956 | ---- | C] () -- C:\WINDOWS\System32\XMNT2001.EXE
[2006.11.06 03:21:13 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
[2006.11.06 03:17:26 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006.11.06 03:15:43 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006.11.06 03:15:34 | 000,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2006.11.06 03:14:15 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006.11.06 03:14:15 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006.11.06 03:14:02 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2006.11.06 03:14:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2006.11.06 03:11:23 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2006.11.06 03:11:23 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2006.11.06 03:08:36 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006.11.06 03:06:57 | 000,184,832 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.06 02:57:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.11.06 02:51:53 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.11.06 02:45:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.11.06 02:44:32 | 000,139,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.12.20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004.12.20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004.11.11 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.11.11 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.11.11 14:00:00 | 000,448,470 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.11.11 14:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.11.11 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.11.11 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.11.11 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.11.11 14:00:00 | 000,079,910 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.11.11 14:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.11.11 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.11.11 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.11.11 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.11.11 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.11.11 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.11.11 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.11.11 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.10.27 00:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

< End of report >

AND: OTL Logfile:
Code:
OTL Extras logfile created on: 15.09.2011 02:21:24 - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,48 Mb Total Physical Memory | 172,88 Mb Available Physical Memory | 33,80% Memory free
1,22 Gb Paging File | 0,76 Gb Available in Paging File | 62,60% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 4,00 Gb Free Space | 20,46% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 29,23 Gb Free Space | 99,75% Space Free | Partition Type: NTFS
Drive E: | 27,85 Gb Total Space | 10,25 Gb Free Space | 36,80% Space Free | Partition Type: NTFS
Drive H: | 149,05 Gb Total Space | 119,57 Gb Free Space | 80,22% Space Free | Partition Type: NTFS

Computer Name: XXX-79B56EFB979 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\Autodesk\3dsMax8\3dsmax.exe" = C:\Programme\Autodesk\3dsMax8\3dsmax.exe:*:Disabled:Autodesk 3ds Max 8
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Disabled:MUZ AOD APP player
"C:\Programme\Steam\SteamApps\wacko_wax\condition zero\hl.exe" = C:\Programme\Steam\SteamApps\wacko_wax\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- (Valve)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{DBB313D6-4B13-0407-BD5F-673CDA1793CC}" = Autodesk 3ds Max 8
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E39C74DF-58FD-4E52-9888-2CC59DFB0B34}" = PowerQuest PartitionMagic Pro 7.0
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ASAPI Update" = ASAPI Update
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Foxit Reader" = Foxit Reader
"Half-Life: Counter-Strike" = Half-Life: Counter-Strike
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NVIDIA Drivers" = NVIDIA Drivers
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"QuickTime" = QuickTime
"Revo Uninstaller" = Revo Uninstaller 1.92
"ShutDownTimer_is1" = ShutDownTimer 1.7.0.0
"Steam App 80" = Counter-Strike: Condition Zero
"Streamripper" = Streamripper (Remove only)
"TBSB03968.TBSB03968Toolbar" = Toolbar fuer eBay
"tRoX's CS Script Pack v2.0" = tRoX's CS Script Pack v2.0
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XviD_is1" = XviD MPEG-4 Video Codec
"YTdetect" = Yahoo! Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.09.2011 07:32:41 | Computer Name = XXX-79B56EFB979 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.6024, fehlgeschlagenes Modul localspl.dll, Version 5.1.2600.5809, Fehleradresse 0x0003c6f0.

Error - 13.09.2011 07:35:01 | Computer Name = XXX-79B56EFB979 | Source = ESENT | ID = 623
Description = wuaueng.dll (716) SUS20ClientDataStore: Der Versionsspeicher für Instanz 0 hat seine maximale Größe von 8 MB erreicht. Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang durchgeführt wurde. Mögliche lange andauernde Transaktion: Sitzungs-ID: 0x025503C0 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x000002D0

Error - 13.09.2011 07:35:50 | Computer Name = XXX-79B56EFB979 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.6024, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x0003147b.

Error - 13.09.2011 07:43:54 | Computer Name = XXX-79B56EFB979 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.6024, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x0003147b.

Error - 13.09.2011 11:32:32 | Computer Name = XXX-79B56EFB979 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.6024, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x0003147b.

Error - 13.09.2011 22:28:14 | Computer Name = XXX-79B56EFB979 | Source = ESENT | ID = 623
Description = wuaueng.dll (928) SUS20ClientDataStore: Der Versionsspeicher für Instanz 0 hat seine maximale Größe von 8 MB erreicht. Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang durchgeführt wurde. Mögliche lange andauernde Transaktion: Sitzungs-ID: 0x025503C0 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x00000E48

Error - 13.09.2011 22:29:50 | Computer Name = XXX-79B56EFB979 | Source = ESENT | ID = 623
Description = wuaueng.dll (928) SUS20ClientDataStore: Der Versionsspeicher für Instanz 0 hat seine maximale Größe von 8 MB erreicht. Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang durchgeführt wurde. Mögliche lange andauernde Transaktion: Sitzungs-ID: 0x025503C0 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x00000E48

Error - 14.09.2011 07:16:08 | Computer Name = XXX-79B56EFB979 | Source = ESENT | ID = 623
Description = wuaueng.dll (1796) SUS20ClientDataStore: Der Versionsspeicher für Instanz 0 hat seine maximale Größe von 8 MB erreicht. Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang durchgeführt wurde. Mögliche lange andauernde Transaktion: Sitzungs-ID: 0x025503C0 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x000004B4

Error - 14.09.2011 14:14:53 | Computer Name = XXX-79B56EFB979 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ati2evxx.exe, Version 6.14.10.4222, fehlgeschlagenes Modul uxtheme.dll, Version 6.0.2900.5512, Fehleradresse 0x0000224a.

Error - 14.09.2011 20:14:52 | Computer Name = XXX-79B56EFB979 | Source = ESENT | ID = 623
Description = wuaueng.dll (380) SUS20ClientDataStore: Der Versionsspeicher für Instanz 0 hat seine maximale Größe von 8 MB erreicht. Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang durchgeführt wurde. Mögliche lange andauernde Transaktion: Sitzungs-ID: 0x02550320 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x00000180

[ System Events ]
Error - 14.09.2011 08:49:44 | Computer Name = XXX-79B56EFB979 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 14.09.2011 08:49:44 | Computer Name = XXX-79B56EFB979 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden. Error - 14.09.2011 08:49:44 | Computer Name = XXX-79B56EFB979 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden. Error - 14.09.2011 08:49:45 | Computer Name = XXX-79B56EFB979 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden. Error - 14.09.2011 08:49:45 | Computer Name = XXX-79B56EFB979 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden. Error - 14.09.2011 08:49:46 | Computer Name = XXX-79B56EFB979 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden. Error - 14.09.2011 08:49:46 | Computer Name = XXX-79B56EFB979 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden. Error - 14.09.2011 08:49:46 | Computer Name = XXX-79B56EFB979 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden. Error - 14.09.2011 08:49:47 | Computer Name = XXX-79B56EFB979 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden. Error - 14.09.2011 08:49:47 | Computer Name = XXX-79B56EFB979 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden. < End of report > Bis bald! Gruss, Edgar |
15.09.2011, 17:53 | #9
/// Malwareteam

Step 1
Code:
:OTL
O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found
O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - File not found
O4 - HKLM..\Run: [SAFEOEM HotKeys] File not found
O32 - AutoRun File - [2011.09.12 22:56:03 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.09.12 22:56:04 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.09.12 22:56:04 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.09.12 22:56:05 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
:Commands
[purity]
[emptytemp]
15.09.2011, 18:22 | #10
Hi Swiss, here you go:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA61DE26-FA67-4575-9033-918671094293}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{000E148C-F7A7-445A-9044-93BF6CE09ECB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000E148C-F7A7-445A-9044-93BF6CE09ECB}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{000E148C-F7A7-445A-9044-93BF6CE09ECB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000E148C-F7A7-445A-9044-93BF6CE09ECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SAFEOEM HotKeys deleted successfully.
File not found.
File not found.
File not found.
File not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 20050081 bytes
->Temporary Internet Files folder emptied: 33554 bytes
->Java cache emptied: 477 bytes
->FireFox cache emptied: 4178547 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 363184 bytes
RecycleBin emptied: 302592 bytes

Total Files Cleaned = 24,00 mb

OTL by OldTimer - Version 3.2.26.5 log created on 09152011_191406
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Regards, Edgar
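The fix script in #9 consists of IE add-on and autostart entries that OTL marked "File not found", and the fix log in #10 shows which registry keys and values OTL then deleted for each of them. The following Python script is an added example for this thread (not code from OTL, Emsisoft, or either poster): it applies the selection rule behind #9 to OTL log lines, and translates a fix script into the ordered list of registry keys, values and files that will be removed, so the plan can be compared line by line with the "deleted successfully" / "not found" output in #10. The line formats, the registry key layout and the reading of OTL's "D" attribute flag as "directory" are assumptions reconstructed from the lines visible in this thread; the sample inputs are constructed from #9, with one made-up, healthy BHO line added to show what the filter leaves alone.

```python
"""Map OTL fix-script lines to the registry keys, values and files OTL removes.
Added example for this thread, not code from OTL, Emsisoft or the posters. Line
formats and key layout are reconstructed from the fix script (#9) and the fix
log (#10); anything beyond those visible lines is an assumption."""
import re

# One CLSID in OTL notation, e.g. {AA61DE26-FA67-4575-9033-918671094293}
CLSID = r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
# O2 - BHO: (Name) - {CLSID} - <resolved DLL path, or "File not found">
O2_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - " + CLSID + r" - (?P<target>.+)$")
# O3 - HKLM\..\Toolbar: (Name) - {CLSID} - <target>   (also HKCU\..\Toolbar\WebBrowser:)
O3_RE = re.compile(r"^O3 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<sub>Toolbar(?:\\WebBrowser)?): "
                   r"\((?P<name>[^)]*)\) - " + CLSID + r" - (?P<target>.+)$")
# O4 - HKLM..\Run: [ValueName] <target>
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<target>.+)$")
# O32 - AutoRun File - [date | size | attributes | flag] - <path> -- [ FS ]
O32_RE = re.compile(r"^O32 - AutoRun File - \[(?P<meta>[^\]]*)\] - (?P<path>.+?) -- \[ (?P<fs>\w+) \]$")

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
ORPHAN = "File not found"  # OTL's marker for an entry it could not resolve to a file on disk
CLSID_KEY = r"SOFTWARE\Classes\CLSID"


def regpath(*parts):
    return "\\".join(parts)


def parse_line(line):
    """Targets OTL's ':OTL' section removes for one line: ('key', path),
    ('value', key, name) or ('file'|'dir', path); [] for lines not modelled."""
    m = O2_RE.match(line)
    if m:  # BHO: its registration under Browser Helper Objects plus its COM class
        return [("key", regpath(HIVES["HKLM"], r"Software\Microsoft\Windows\CurrentVersion",
                                r"Explorer\Browser Helper Objects", m["clsid"])),
                ("key", regpath(HIVES["HKLM"], CLSID_KEY, m["clsid"]))]
    m = O3_RE.match(line)
    if m:  # toolbar: a value named after its CLSID, plus the same COM class key
        return [("value", regpath(HIVES[m["hive"]], r"Software\Microsoft\Internet Explorer", m["sub"]), m["clsid"]),
                ("key", regpath(HIVES["HKLM"], CLSID_KEY, m["clsid"]))]
    m = O4_RE.match(line)
    if m:  # autostart: one value under ...\Run
        return [("value", regpath(HIVES[m["hive"]], r"Software\Microsoft\Windows\CurrentVersion\Run"), m["value"])]
    m = O32_RE.match(line)
    if m:
        attrs = m["meta"].split(" | ")[2]
        # Assumption: 'D' in OTL's attribute string means directory. The 0-byte RHSD
        # autorun.inf entries in #9 are then folder placeholders, which fits the four
        # "File not found." answers they got in the fix log (#10).
        return [("dir" if "D" in attrs else "file", m["path"])]
    return []


def orphans(otl_lines):
    """The selection rule behind #9: keep O2/O3/O4 entries whose file is gone."""
    out = []
    for line in otl_lines:
        for rx in (O2_RE, O3_RE, O4_RE):
            m = rx.match(line)
            if m and m["target"] == ORPHAN:
                out.append(line)
                break
    return out


def plan_fix(script_text):
    """Ordered, de-duplicated removal plan for a whole OTL fix script. OTL itself
    re-tries duplicates: #10 shows the CLSID key of {ba14329e-...} 'deleted
    successfully' for the O2 line and 'not found' again for the O3 line."""
    plan, seen = [], set()
    for raw in script_text.splitlines():
        for target in parse_line(raw.strip()):
            if target not in seen:
                seen.add(target)
                plan.append(target)
    return plan


# Constructed sample: the fix script from #9 (D:, E: and H: autorun lines omitted).
FIX_SCRIPT = r"""
:OTL
O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found
O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - File not found
O4 - HKLM..\Run: [SAFEOEM HotKeys] File not found
O32 - AutoRun File - [2011.09.12 22:56:03 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
:Commands
[purity]
[emptytemp]
"""

# Constructed OTL.txt excerpt: two dead entries from the thread plus one made-up,
# healthy BHO (name, CLSID and path are hypothetical) that must not be selected.
OTL_LOG_LINES = [
    r"O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - File not found",
    r"O2 - BHO: (Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\Programme\Example\helper.dll (Example GmbH)",
    r"O4 - HKLM..\Run: [SAFEOEM HotKeys] File not found",
]

if __name__ == "__main__":
    for line in orphans(OTL_LOG_LINES):
        print("orphan:", line)
    for target in plan_fix(FIX_SCRIPT):
        print(*target, sep="  ")
```

Running it prints the twelve distinct targets for the sample script; the CLSID keys of {ba14329e-...} and {000E148C-...} each appear once, which is where OTL's own log in #10 reports a second attempt as "not found". Only the entry types that occur in this thread (O2, O3, O4, O32) are modelled, and only the "File not found" rule is applied; an entry whose DLL still exists needs a look at the file itself before its registration is removed.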
15.09.2011, 19:17 | #11
/// Malwareteam

Step 1

Tool clean-up with OTL

We will now use OTL's CleanUp! function to remove most of the programs we installed for the clean-up from your system again.
16.09.2011, 12:51 | #13
/// Malwareteam

The log file is clean.

Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.

Anti-virus software

Additional protection

Safe browsing

Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.

Performance
Clean up your temp files regularly; I recommend TFC for this. Stay away from any kind of registry cleaner. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts

Note: Please give me brief feedback once everything is done and there are no further questions, so that I can remove this thread from my subscriptions.
16.09.2011, 17:08 | #14
Hello Swiss, I think everything is OK so far. The Google links work again too. The only thing I still have problems with is Flash applications, which push the CPU to 100%. But I have already found some reading on that. Many thanks for the competent help; I now know my computer a bit better too. I will take your tips to heart and put them into practice. So you can remove the thread from your subscriptions. Thanks again and grüaziewohl, Edgar