Computer gesperrt - 50€ Zahlen/Daten gelöscht - 2. mal

Angelo7Fold · 08.02.2012, 17:24

Hallo.
Ich hatte vor ein paar Tagen das Problem, dass mein PC gesperrt werden sollte, wegen einem Virus ... jedenfalls wurden damals 100€ verlangt, jetzt sind es 50€ ... ein zweiter Virus, denke ich ... keine Ahnung.
Jedenfalls hier die benötigten Logs:

Zitat:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Ines at 16:47:05 on 2012-02-08
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.1917.1481 [GMT 1:00]
.
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Skype\Phone\Skype.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://rtl2.sfgame.de/
uURLSearchHooks: Bigpoint Games DE Toolbar: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - c:\program files\bigpoint_games_de\tbBigp.dll
mURLSearchHooks: Bigpoint Games DE Toolbar: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - c:\program files\bigpoint_games_de\tbBigp.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Bigpoint Games DE Toolbar: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - c:\program files\bigpoint_games_de\tbBigp.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111223134020.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Bigpoint Games DE Toolbar: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - c:\program files\bigpoint_games_de\tbBigp.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [ffdwnd] c:\users\ines\appdata\local\mozilla\firefox\firefox.exe
mRun: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRunOnce: [OTL] "c:\users\ines\desktop\24960-OTL.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{037D5EC7-E557-489D-8D82-A738F899D836} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7E9370AE-833E-4AE3-9F9E-EC8AC1FB389A} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7E9370AE-833E-4AE3-9F9E-EC8AC1FB389A}\75C414E4D2731483631363 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{7E9370AE-833E-4AE3-9F9E-EC8AC1FB389A}\76164756771697 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
STS: {E31004D1-A431-41B8-826F-E902F9D95C81} - No File
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 464176]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-18 165680]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-18 64880]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-29 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-18 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-9-18 150856]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-18 338176]
R3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
R3 SiSGbeLH;NDIS 6.0-Treiber für SiS191/SiS190-Ethernet-Gerät;c:\windows\system32\drivers\SiSGB6.sys [2009-6-10 48128]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-29 214904]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-29 214904]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-18 166288]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-9-30 1051968]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-7-4 14336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-18 57600]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-18 180816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-18 59456]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-18 87656]
S3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2010-9-5 464384]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
.
=============== File Associations ===============
.
.txt=NFOPad
.
=============== Created Last 30 ================
.
2012-02-05 19:59:03 208896 ----a-w- c:\windows\MBR.exe
2012-02-05 19:59:00 256000 ----a-w- c:\windows\PEV.exe
2012-02-05 19:58:59 98816 ----a-w- c:\windows\sed.exe
2012-02-05 19:58:59 518144 ----a-w- c:\windows\SWREG.exe
2012-02-05 19:58:39 -------- d-s---w- C:\ComboFix
2012-02-05 18:41:21 -------- d-----w- C:\_OTL
2012-02-05 14:30:22 6656 ----a-w- c:\windows\system32\CoInst_070910.dll
2012-02-05 14:30:22 457984 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2012-02-05 14:30:18 129024 ----a-w- c:\windows\system32\SP7302.ax
2012-02-05 14:30:18 -------- d-----w- c:\program files\Hama
2012-02-05 14:30:17 14336 ----a-w- c:\windows\system32\P7302USD.dll
2012-02-05 14:30:16 -------- d-----w- c:\windows\PixArt
2012-02-05 14:30:16 -------- d-----w- c:\program files\common files\PAC7302
2012-02-05 14:23:36 -------- d-----w- c:\users\ines\appdata\local\ElevatedDiagnostics
2012-02-04 23:04:07 -------- d-----w- c:\users\ines\.thumbnails
2012-02-04 22:51:17 -------- d-----w- c:\users\ines\.gimp-2.6
2012-02-04 22:01:59 -------- d-----r- c:\program files\Skype
2012-02-03 14:34:44 -------- d-----w- c:\program files\Galileo Family Quiz - Spezial I
2012-02-03 12:01:11 -------- d-----w- c:\program files\Galileo Family Quiz - Spezial III
2012-02-03 10:48:19 -------- d-----w- c:\program files\Galileo Family Quiz - Spezial II
.
==================== Find3M ====================
.
2012-01-02 06:39:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 16:48:10,33 ===============

Und Attach.txt und Gmer.txt im Anhang als Zip-File ... ^^

Würde mich sehr freuen wenn ihr mir helfen könntet. =)

markusg · 08.02.2012, 17:28

ist ja auch deine eigene schuld, wer nicht bis zum ende arbeitet muss sich halt nicht wundern.
otl logs, wie im ersten thema, erstellen und posten.

Angelo7Fold · 08.02.2012, 17:39

Verdammt, tut mir wirklich leid ._.
Ich hatte in letzter Zeit viel zu tun, ich wollte eigtl. antworten und sagen, dass das bei mir (denke ich), nicht wirklich geklappt hat.
Bei mir stand immer da, dass eine Datei nicht gefunden werden konnte.
Wenn es dieses mal wieder passiert, werde ich ein Screen machen und diesen uploaden.
Hier der OTL Log:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 08.02.2012 17:30:05 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Ines\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 67,52% Memory free
3,74 Gb Paging File | 3,26 Gb Available in Paging File | 86,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,04 Gb Total Space | 115,11 Gb Free Space | 83,99% Space Free | Partition Type: NTFS
Drive E: | 982,13 Mb Total Space | 386,00 Mb Free Space | 39,30% Space Free | Partition Type: FAT
 
Computer Name: INES | User Name: Ines | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.07 19:52:46 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Firefox\plugin-container.exe
PRC - [2012.02.07 19:52:45 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Firefox\firefox.exe
PRC - [2012.02.05 17:38:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ines\Desktop\24960-OTL.exe
PRC - [2011.11.22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2011.10.18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011.10.18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.07 19:52:45 | 001,014,232 | ---- | M] () -- C:\Programme\Firefox\js3250.dll
MOD - [2012.01.02 07:39:04 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009.08.16 23:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.18 16:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011.10.18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011.10.18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011.10.18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010.10.12 06:00:46 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.09.30 16:01:18 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.09.30 15:58:02 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.07.04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011.10.15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011.10.15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011.10.15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011.10.15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011.10.15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.10.15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011.10.15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011.10.15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2009.10.14 06:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.09.04 09:21:28 | 000,464,384 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.07.13 23:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.09.10 08:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2006.11.07 22:24:30 | 000,056,240 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Programme\Bigpoint_Games_DE\tbBigp.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://rtl2.sfgame.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 53 88 E3 C0 63 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Programme\Bigpoint_Games_DE\tbBigp.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://shakesandfidget.rtl2.de/"
FF - prefs.js..extensions.enabledItems: {D19CA586-DD6C-4a0a-96F8-14644F340D60}:14.4.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.02.07 15:16:30 | 000,000,000 | ---D | M]
 
[2010.09.05 15:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ines\AppData\Roaming\mozilla\Extensions
[2010.09.05 16:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ines\AppData\Roaming\mozilla\Firefox\Profiles\b3buqq76.default\extensions
[2012.02.07 15:16:30 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Bigpoint Games DE Toolbar) - {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Programme\Bigpoint_Games_DE\tbBigp.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\Mcafee\SystemCore\ScriptSn.20111223134020.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bigpoint Games DE Toolbar) - {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Programme\Bigpoint_Games_DE\tbBigp.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Bigpoint Games DE Toolbar) - {0E3DBC69-A682-48DA-84E1-82C63A5D678E} - C:\Programme\Bigpoint_Games_DE\tbBigp.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SiSTray] C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Ines\AppData\Local\Mozilla\Firefox\firefox.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Key error. (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{037D5EC7-E557-489D-8D82-A738F899D836}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E9370AE-833E-4AE3-9F9E-EC8AC1FB389A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.09.06 16:28:38 | 000,000,000 | ---- | M] () - E:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.08 16:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.02.05 20:59:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.02.05 20:58:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.02.05 20:58:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.02.05 20:58:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.02.05 20:58:39 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.02.05 20:56:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.02.05 20:53:44 | 004,396,367 | R--- | C] (Swearware) -- C:\Users\Ines\Desktop\ComboFix.exe
[2012.02.05 19:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.02.05 19:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.02.05 19:41:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.02.05 18:27:30 | 000,000,000 | ---D | C] -- C:\Users\Ines\Desktop\Logfiles
[2012.02.05 17:46:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ines\Desktop\dds.com
[2012.02.05 17:38:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ines\Desktop\24960-OTL.exe
[2012.02.05 15:30:22 | 000,457,984 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\System32\drivers\PAC7302.SYS
[2012.02.05 15:30:22 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\System32\CoInst_070910.dll
[2012.02.05 15:30:18 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\Windows\System32\SP7302.ax
[2012.02.05 15:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hama
[2012.02.05 15:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Hama
[2012.02.05 15:30:17 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\System32\P7302USD.dll
[2012.02.05 15:30:16 | 000,000,000 | ---D | C] -- C:\Windows\PixArt
[2012.02.05 15:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC7302
[2012.02.05 15:30:15 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.02.05 15:29:33 | 000,000,000 | ---D | C] -- C:\Users\Ines\AppData\Roaming\InstallShield
[2012.02.05 15:23:36 | 000,000,000 | ---D | C] -- C:\Users\Ines\AppData\Local\ElevatedDiagnostics
[2012.02.05 00:04:07 | 000,000,000 | ---D | C] -- C:\Users\Ines\.thumbnails
[2012.02.04 23:59:00 | 000,000,000 | ---D | C] -- C:\Users\Ines\AppData\Roaming\gtk-2.0
[2012.02.04 23:51:17 | 000,000,000 | ---D | C] -- C:\Users\Ines\Documents\gegl-0.0
[2012.02.04 23:51:17 | 000,000,000 | ---D | C] -- C:\Users\Ines\.gimp-2.6
[2012.02.04 23:02:22 | 000,000,000 | ---D | C] -- C:\Users\Ines\AppData\Roaming\Skype
[2012.02.04 23:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.02.04 23:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.02.04 23:01:59 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.02.04 23:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.02.03 15:35:43 | 000,000,000 | ---D | C] -- C:\Users\Ines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Galileo Family Quiz - Spezial I
[2012.02.03 15:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Galileo Family Quiz - Spezial I
[2012.02.03 13:02:05 | 000,000,000 | ---D | C] -- C:\Users\Ines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Galileo Family Quiz - Spezial III
[2012.02.03 13:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Galileo Family Quiz - Spezial III
[2012.02.03 11:49:17 | 000,000,000 | ---D | C] -- C:\Users\Ines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Galileo Family Quiz - Spezial II
[2012.02.03 11:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Galileo Family Quiz - Spezial II
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.08 16:30:54 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2012.02.08 16:24:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.08 16:24:01 | 1507,725,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.07 15:21:11 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 15:21:11 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.06 13:14:59 | 000,005,142 | ---- | M] () -- C:\Users\Ines\.recently-used.xbel
[2012.02.05 22:07:56 | 000,255,000 | ---- | M] () -- C:\ladida.jpg
[2012.02.05 20:53:59 | 004,396,367 | R--- | M] (Swearware) -- C:\Users\Ines\Desktop\ComboFix.exe
[2012.02.05 17:52:50 | 000,302,592 | ---- | M] () -- C:\Users\Ines\Desktop\d7r1bfgd.exe
[2012.02.05 17:46:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ines\Desktop\dds.com
[2012.02.05 17:45:09 | 000,000,000 | ---- | M] () -- C:\Users\Ines\defogger_reenable
[2012.02.05 17:41:25 | 000,050,477 | ---- | M] () -- C:\Users\Ines\Desktop\Defogger.exe
[2012.02.05 17:38:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ines\Desktop\24960-OTL.exe
[2012.02.04 23:02:05 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.03 15:35:43 | 000,002,029 | ---- | M] () -- C:\Users\Ines\Desktop\Galileo Family Quiz - Unsere Natur verstehen.lnk
[2012.02.03 13:02:05 | 000,002,047 | ---- | M] () -- C:\Users\Ines\Desktop\Galileo Family Quiz - Draußen aktiv.lnk
[2012.02.03 11:49:17 | 000,002,038 | ---- | M] () -- C:\Users\Ines\Desktop\Galileo Family Quiz - Unser Zuhause entdecken.lnk
 
========== Files Created - No Company Name ==========
 
[2012.02.06 13:14:59 | 000,005,142 | ---- | C] () -- C:\Users\Ines\.recently-used.xbel
[2012.02.05 22:07:56 | 000,255,000 | ---- | C] () -- C:\ladida.jpg
[2012.02.05 20:59:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.05 20:59:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.05 20:58:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.05 20:58:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.05 20:58:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.05 17:52:49 | 000,302,592 | ---- | C] () -- C:\Users\Ines\Desktop\d7r1bfgd.exe
[2012.02.05 17:45:09 | 000,000,000 | ---- | C] () -- C:\Users\Ines\defogger_reenable
[2012.02.05 17:41:25 | 000,050,477 | ---- | C] () -- C:\Users\Ines\Desktop\Defogger.exe
[2012.02.05 15:30:18 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2012.02.04 23:02:05 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.03 15:35:43 | 000,002,029 | ---- | C] () -- C:\Users\Ines\Desktop\Galileo Family Quiz - Unsere Natur verstehen.lnk
[2012.02.03 13:02:05 | 000,002,047 | ---- | C] () -- C:\Users\Ines\Desktop\Galileo Family Quiz - Draußen aktiv.lnk
[2012.02.03 11:49:17 | 000,002,038 | ---- | C] () -- C:\Users\Ines\Desktop\Galileo Family Quiz - Unser Zuhause entdecken.lnk
[2010.09.29 15:14:32 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2010.09.14 15:00:51 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2010.09.05 13:22:55 | 000,168,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml

< End of report >

--- --- ---

Nochmals Entschuldigung ._.'

markusg · 08.02.2012, 17:47

hi
in zukunft außerdem finger weg von kino,serien, und sport streams und anderen offensichtlich illegalen dingen im internet, das verringert das infektions risiko :-)

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [ffdwnd] C:\Users\Ines\AppData\Local\Mozilla\Firefox\firefox.exe ()
 :Files
C:\Users\Ines\AppData\Local\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

Angelo7Fold · 08.02.2012, 18:07

Zitat:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ffdwnd deleted successfully.
C:\Users\Ines\AppData\Local\Mozilla\Firefox\firefox.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Ines
->Flash cache emptied: 1199 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Ines
->Temp folder emptied: 13064 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91182083 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 868004 bytes
RecycleBin emptied: 30036 bytes

Total Files Cleaned = 88,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02082012_175530

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Das Textdokument hat sich nach dem Neustart geöffnet. ^^

Angelo

Achja, der Upload hat problemlos geklappt. =)

markusg · 08.02.2012, 18:10

danke ir für den upload
bitte servicepack 1 instalieren:
http://www.chip.de/artikel/Windows-7..._46708496.html
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.

08.02.2012, 17:28	#2
markusg /// Malware-holic	Computer gesperrt - 50€ Zahlen/Daten gelöscht - 2. mal ist ja auch deine eigene schuld, wer nicht bis zum ende arbeitet muss sich halt nicht wundern. otl logs, wie im ersten thema, erstellen und posten. __________________ __________________

Computer gesperrt - 50€ Zahlen/Daten gelöscht - 2. mal

Log-Analyse und Auswertung: Computer gesperrt - 50€ Zahlen/Daten gelöscht - 2. mal