Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

Fell for www.Downloads.de

Hello everyone. Yesterday I downloaded something from Downloads.de. When I tried to run it, nothing happened except that the computer was working hard. I have already run my Avast, Malwarebytes Anti-Malware (Quick Scan) and Blacklight, without success. I then found GMER in the forum, and when I run it I suddenly get a bluescreen, even in safe mode. What else can I do?


OTL Extras logfile created on: 29.01.2012 11:53:29 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Blackside\Downloads
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014,63 Mb Total Physical Memory | 496,54 Mb Available Physical Memory | 48,94% Memory free
2,23 Gb Paging File | 1,44 Gb Available in Paging File | 64,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 79,99 Gb Total Space | 25,31 Gb Free Space | 31,64% Space Free | Partition Type: NTFS
Drive D: | 61,20 Gb Total Space | 24,49 Gb Free Space | 40,02% Space Free | Partition Type: NTFS
Drive F: | 61,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: BLACKSIDE-PC | User Name: Blackside | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

"DisableNotifications" = 0
"EnableFirewall" = 0

"DisableNotifications" = 0
"EnableFirewall" = 0
"DisabledInterfaces" = {34122C24-ED60-4B0C-A042-DFF966CEF195}

"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

"{281FA940-D7B6-4C83-A614-9B216F58941C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{695CD87C-94F5-4E70-93A1-F80343013AFA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{80114C69-7792-406D-963B-4F0122BAC66C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{82C95B15-0715-4FAB-9BE0-112C86EBD3A7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F1EB90D-CF0E-455C-9203-2F739786E503}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A9D065BF-2363-4BDE-83C3-432AF494055C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF9BC516-B45C-43CE-B2C3-5FC1558EA142}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B04E0102-80D6-46D3-B90F-5F2C22DA9B11}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C695D830-2AF3-462F-8EAA-641D10DD9CC3}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C8FBF176-050E-4039-986B-D90A6F5E0BB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA4D01A6-B503-4187-B3A3-2952BD578DDA}" = lport=9089 | protocol=6 | dir=in | name=vmware vcenter converter standalone - agent |
"{EC3B1C63-C400-4051-A16B-AC7C3E62CC10}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FB322CA7-23AF-4378-96E8-AB3E0F82876C}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

"{28BBCA87-AA70-40CF-B12D-9C3C4199D831}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2FCD85D8-65DB-45E9-80BD-54FCF7DE64BC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{3B78178C-7DC1-491B-A155-9AA774AFA427}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{9221F71D-1520-493F-ADC0-2A5B7B9482F8}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{9BBE9086-5B3C-4DB2-9DA8-E076A7AC3920}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AA851C8E-E49C-4D39-A938-CE4FFEBBA5F2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{B2CD06E2-342B-40D1-AB2A-206EB94B2F71}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C2D76771-AE8C-481A-A40E-3C1139F4717A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D973C7EC-8DD4-4E3E-AF28-E471B24E04C3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{F11DF7E0-C989-42E5-87FC-D5CF7A136A6F}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F3982F26-2769-477D-BB09-2CC3D93BAB7C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{FF407E48-4B09-46C3-B840-1EB5128FC3B6}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

"{02BFF1A3-A0D5-4F64-8558-A22682BCDA58}" = ActivePerl 5.14.2 Build 1402
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{EDF0C1D5-D980-48F9-BA19-0ECEDEF8C5D4}" = VMware vCenter Converter Standalone
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"ie7" = Windows Internet Explorer 7
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"TeamViewer 7" = TeamViewer 7
"Trojan Remover_is1" = Trojan Remover 6.8.2
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.01 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.01.2012 05:59:01 | Computer Name = Blackside-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 28.01.2012 07:18:48 | Computer Name = Blackside-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 28.01.2012 07:55:12 | Computer Name = Blackside-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 28.01.2012 08:23:40 | Computer Name = Blackside-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 28.01.2012 09:12:34 | Computer Name = Blackside-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 28.01.2012 11:02:51 | Computer Name = Blackside-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 28.01.2012 15:23:24 | Computer Name = Blackside-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 29.01.2012 03:48:06 | Computer Name = Blackside-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 29.01.2012 06:10:00 | Computer Name = Blackside-PC | Source = EventSystem | ID = 4609
Description =

Error - 29.01.2012 06:13:34 | Computer Name = Blackside-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

[ System Events ]
Error - 29.01.2012 06:09:28 | Computer Name = Blackside-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.01.2012 um 11:07:16 unerwartet heruntergefahren.

Error - 29.01.2012 06:09:51 | Computer Name = Blackside-PC | Source = DCOM | ID = 10005
Description =

Error - 29.01.2012 06:10:00 | Computer Name = Blackside-PC | Source = DCOM | ID = 10005
Description =

Error - 29.01.2012 06:10:02 | Computer Name = Blackside-PC | Source = DCOM | ID = 10005
Description =

Error - 29.01.2012 06:10:02 | Computer Name = Blackside-PC | Source = DCOM | ID = 10005
Description =

Error - 29.01.2012 06:10:02 | Computer Name = Blackside-PC | Source = DCOM | ID = 10005
Description =

Error - 29.01.2012 06:10:36 | Computer Name = Blackside-PC | Source = DCOM | ID = 10005
Description =

Error - 29.01.2012 06:10:36 | Computer Name = Blackside-PC | Source = DCOM | ID = 10005
Description =

Error - 29.01.2012 06:12:26 | Computer Name = Blackside-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.01.2012 um 11:10:50 unerwartet heruntergefahren.

Error - 29.01.2012 06:16:04 | Computer Name = Blackside-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner


