Windows wurde Blockiert Zahle 100€ und kaufe credits use. ... hilfe Java

mandy010388 · 09.02.2012, 21:19

Hallo,

habe das problem das mein Pc wohl von einem Trojaner verseucht wurde.

Ich kann nur noch im Abgesicherten modus starten.
Was soll ich jetzt tun? Habe mit OTL runtergeladen, anbei der logOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 09.02.2012 21:14:20 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Notebook\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 79,46% Memory free
3,50 Gb Paging File | 3,17 Gb Available in Paging File | 90,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 125,18 Gb Total Space | 68,43 Gb Free Space | 54,66% Space Free | Partition Type: NTFS
Drive D: | 23,86 Gb Total Space | 18,26 Gb Free Space | 76,55% Space Free | Partition Type: FAT32
 
Computer Name: TOBI | User Name: Notebook | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.09 21:09:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Notebook\Desktop\OTL.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.04 19:50:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.30 20:10:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.15 13:34:10 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.12.09 13:42:14 | 001,044,808 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.12.09 13:38:30 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.02.12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.04 19:50:10 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.08.04 19:50:10 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.01 22:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.08.21 23:29:00 | 000,286,208 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2007.06.25 12:37:24 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.03 10:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2007.04.02 16:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.07 21:27:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.07 21:27:41 | 000,000,000 | ---D | M]
 
[2011.08.12 21:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Notebook\AppData\Roaming\mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [vasja] C:\Users\Notebook\AppData\Local\Temp\0.8991129270697319.exe (Orb Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A8A5DEA-DFA7-4614-9991-31120D22AF3B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F311198-918A-47B8-A48D-943F03EF5AF5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Notebook\Pictures\Foto0331.jpg
O24 - Desktop BackupWallPaper: C:\Users\Notebook\Pictures\Foto0331.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.09 21:09:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Notebook\Desktop\OTL.exe
[2012.02.04 17:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.02.04 17:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2012.02.03 19:42:47 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012.02.03 19:42:47 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012.02.03 19:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2012.02.03 19:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.5
[2012.01.18 09:05:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.18 09:04:42 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.18 09:04:41 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.09 21:09:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Notebook\Desktop\OTL.exe
[2012.02.09 21:01:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.09 21:01:25 | 1408,835,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.09 20:54:56 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.08 13:49:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.08 13:47:17 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.08 13:47:17 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 17:42:38 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo ClipFinder HD.lnk
[2012.02.04 17:31:39 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2012.02.03 22:19:48 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.03 22:19:48 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.03 22:19:48 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.03 22:19:48 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.03 20:58:54 | 001,099,361 | ---- | M] () -- C:\Users\Notebook\Desktop\Track No01.mp3
[2012.02.03 19:40:32 | 000,001,774 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2012.01.27 17:35:48 | 000,768,170 | ---- | M] () -- C:\Users\Notebook\Desktop\Kikaninchen HD Anfangs Version.mp3
[2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2012.02.04 17:42:38 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo ClipFinder HD.lnk
[2012.02.04 17:31:38 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012.02.03 22:21:13 | 000,768,170 | ---- | C] () -- C:\Users\Notebook\Desktop\Kikaninchen HD Anfangs Version.mp3
[2012.02.03 20:58:46 | 001,099,361 | ---- | C] () -- C:\Users\Notebook\Desktop\Track No01.mp3
[2012.02.03 19:40:32 | 000,001,774 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.08.27 20:50:27 | 000,413,696 | ---- | C] () -- C:\Windows\System32\jsound.dll
[2011.08.27 20:50:27 | 000,380,928 | ---- | C] () -- C:\Windows\System32\jmmpa.dll
[2011.08.27 20:50:27 | 000,282,624 | ---- | C] () -- C:\Windows\System32\jmh261.dll
[2011.08.27 20:50:27 | 000,184,320 | ---- | C] () -- C:\Windows\System32\jmvh263.dll
[2011.08.27 20:50:27 | 000,143,360 | ---- | C] () -- C:\Windows\System32\jmjpeg.dll
[2011.08.27 20:50:27 | 000,106,496 | ---- | C] () -- C:\Windows\System32\jmh263enc.dll
[2011.08.27 20:50:27 | 000,098,304 | ---- | C] () -- C:\Windows\System32\jmg723.dll
[2011.08.27 20:50:27 | 000,077,824 | ---- | C] () -- C:\Windows\System32\jmmpegv.dll
[2011.08.27 20:50:27 | 000,073,728 | ---- | C] () -- C:\Windows\System32\jmutil.dll
[2011.08.27 20:50:27 | 000,057,344 | ---- | C] () -- C:\Windows\System32\jmgsm.dll
[2011.08.27 20:50:27 | 000,053,248 | ---- | C] () -- C:\Windows\System32\jmam.dll
[2011.08.27 20:50:27 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jmcvid.dll
[2011.08.27 20:50:27 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jmacm.dll
[2011.08.27 20:50:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\jmvfw.dll
[2011.08.27 20:50:27 | 000,040,960 | ---- | C] () -- C:\Windows\System32\jmdaud.dll
[2011.08.27 20:50:27 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jmvcm.dll
[2011.08.27 20:50:27 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jmgdi.dll
[2011.08.27 20:50:27 | 000,032,768 | ---- | C] () -- C:\Windows\System32\jmfjawt.dll
[2011.08.27 20:50:27 | 000,032,768 | ---- | C] () -- C:\Windows\System32\jmddraw.dll
[2011.08.27 20:50:27 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jmmci.dll
[2011.08.27 20:50:27 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jmdaudc.dll
[2010.11.07 21:12:21 | 000,225,700 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010.02.21 21:24:31 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.17 08:36:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.02.16 23:28:34 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,458,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.11 04:02:28 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.12.01 20:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.12.01 20:08:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.10.30 14:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

< End of report >

--- --- ---

Chris4You · 09.02.2012, 21:44

Hi,

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL

O4 - HKCU..\Run: [vasja] C:\Users\Notebook\AppData\Local\Temp\0.8991129270697319.exe (Orb Networks)

:Commands
[emptytemp]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

chris

mandy010388 · 09.02.2012, 22:00

Hier das Ergebniss

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vasja deleted successfully.
C:\Users\Notebook\AppData\Local\Temp\0.8991129270697319.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Notebook
->Temp folder emptied: 79109623 bytes
->Temporary Internet Files folder emptied: 465052852 bytes
->Java cache emptied: 197523 bytes
->Google Chrome cache emptied: 6283602 bytes
->Opera cache emptied: 16750728 bytes
->Flash cache emptied: 22428 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8624223 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 549,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02092012_215014

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Chris4You · 09.02.2012, 22:08

Hi,

bitte MAM im Fullscan-Mode laufen lassen!

chris

mandy010388 · 09.02.2012, 23:21

so hier das Ergebniss von MAM

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.09.07

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Notebook :: TOBI [Administrator]

Schutz: Aktiviert

09.02.2012 22:11:15
mbam-log-2012-02-09 (23-15-56).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 305426
Laufzeit: 1 Stunde(n), 3 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\_OTL\MovedFiles\02092012_215014\C_Users\Notebook\AppData\Local\Temp\0.8991129270697319.exe (Trojan.VUPX.ON1) -> Keine Aktion durchgeführt.
C:\Users\Notebook\Desktop\Alles\Programme\TuneUp.Utilities.2010.v9.0.3000.52.German\keygen.exe (RiskWare.Tool.HCK) -> Keine Aktion durchgeführt.

(Ende)

Chris4You · 10.02.2012, 07:31

Hi,

damit dürfte klar sein wie das Teil auf den Rechner gekommen ist
C:\Users\Notebook\Desktop\Alles\Programme\TuneUp.Utilities.2010.v9.0.3000.52.German\keygen.exe

Damit endet allerdings auch hier die weitere Unterstützung, es widerspricht den Boardruls!

chris&out

mandy010388 · 10.02.2012, 07:58

Guten morgen,

und wie bekomme ich das ding weg?

Chris4You · 10.02.2012, 11:18

Hi

MAM löschen lassen...

Aber wie gesagt, weitere Schritte wird es hier nicht mehr geben...
Aber ab- und an ist auch Suchen im Forum ganz hilfreich...

chris

Windows wurde Blockiert Zahle 100€ und kaufe credits use. ... hilfe Java

Plagegeister aller Art und deren Bekämpfung: Windows wurde Blockiert Zahle 100€ und kaufe credits use. ... hilfe Java