Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from browser.search.defaulturl
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\sweetim.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File not found.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.ico scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\autorun.tgt scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\ not found.
File H:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff165-ab6c-11df-b865-0016d3c0e817}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff165-ab6c-11df-b865-0016d3c0e817}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff167-ab6c-11df-b865-0016d3c0e817}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2dff167-ab6c-11df-b865-0016d3c0e817}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe -a not found.
C:\Users\Dennis\AppData\Roaming\ICQ Toolbar folder moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
F:\$RECYCLE.BIN.lnk moved successfully.
F:\Bewerbungen.lnk moved successfully.
F:\Bilder.lnk moved successfully.
F:\Filme.lnk moved successfully.
F:\HD-Filme.lnk moved successfully.
F:\Musik-Alben.lnk moved successfully.
F:\Musik.lnk moved successfully.
F:\Soundtrack-Alben.lnk moved successfully.
F:\System Volume Information.lnk moved successfully.
F:\Videos.lnk moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-1235014147-1984952320-3779526693-1000 folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-2617947982-1946965418-1152030714-1000 folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-3005907653-400381532-2282554573-1000 folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-456481388-4042309489-1917448107-1003\$RW6BGAU folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-456481388-4042309489-1917448107-1003\$RLCBIEE.XviD-EMPiRE\Sample folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-456481388-4042309489-1917448107-1003\$RLCBIEE.XviD-EMPiRE folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-456481388-4042309489-1917448107-1003 folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-524960744-1537308869-899931187-1000 folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$RJR72HJ folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$RG0XZJB folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380\$R4383VG folder moved successfully.
F:\$RECYCLE.BIN\S-1-5-21-726078758-1530629060-3052329979-98380 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dennis
->Temp folder emptied: 134965747 bytes
->Temporary Internet Files folder emptied: 264576074 bytes
->Java cache emptied: 21975953 bytes
->FireFox cache emptied: 122684728 bytes
->Flash cache emptied: 13548041 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 106498628 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 634,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01022012_122757
Files\Folders moved on Reboot...
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.ico scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\autorun.tgt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\JETBB04.tmp not found!
C:\Windows\temp\JETF314.tmp moved successfully.
Registry entries deleted on Reboot...
greetz
Topics on "Files only present as shortcuts on external HDD"
On the topic "Files only present as shortcuts on external HDD" - hi, here is the log after the OTL fix: ...