Pests of all kinds and how to fight them: 50€ trojan yet again... Windows 7
14.03.2012, 20:26 | #1
50€ trojan yet again...

Hello, I have caught the 50€ trojan too. Earlier my screen suddenly went black with the message "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" ("For security reasons your Windows system has been blocked") and a demand to pay 50 € for an update. I have already downloaded OTL in safe mode and run a QuickScan; log files are below. Many thanks in advance for your help. Eike

OTL logfile:
OTL logfile created on: 14.03.2012 20:14:56 - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Users\Eike\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,79 Gb Total Physical Memory | 3,28 Gb Available Physical Memory | 86,34% Memory free
7,59 Gb Paging File | 7,07 Gb Available in Paging File | 93,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 93,71 Gb Free Space | 62,87% Space Free | Partition Type: NTFS
Drive D: | 427,59 Gb Total Space | 427,49 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 2,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: EIKE-NOTEBOOK | User Name: Eike | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Eike\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (NitroReaderDriverReadSpool) -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe (Nitro PDF Software) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (SearchAnonymizer) -- C:\Users\Eike\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (ASLDRService) -- C:\Program Files 
(x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) 
DRV:64bit: - (66671092) -- C:\Windows\SysNative\drivers\66671092.sys (Kaspersky Lab) DRV:64bit: - (setup_9.0.0.722_14.03.2012_06-25drv) -- C:\Windows\SysNative\drivers\6667109.sys (Kaspersky Lab) DRV:64bit: - (66671091) -- C:\Windows\SysNative\drivers\66671091.sys (Kaspersky Lab) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) 
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) 
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{1C8348D9-930C-4A43-BC2D-3317E48A933E}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{49A1EAB0-1144-4A07-8F2E-E6A8A4DD5FA0}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{4E3CFD44-98A2-4069-88AE-41A2E1CCE162}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={sea rchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{6A0AF959-D626-4115-874B-2C77F0525E64}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{A8030CB7-5E47-4409-B6C1-C06F03B00237}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F75726365 
3D3426637469643D435432373336343736&st={searchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{FEB66B4D-C854-4D57-8B4D-8CA70166ADA2}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=8bf3c4b8-2688-417c-995d-022582a01b25&pid=freewarede&mode=bounce&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Freeware.de Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.) FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.18 10:22:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.26 15:25:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\extensions\mail@shopping-preise.de [2011.05.30 18:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eike\AppData\Roaming\mozilla\Extensions [2012.03.10 23:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eike\AppData\Roaming\mozilla\Firefox\Profiles\3t0hc7ei.default\extensions [2012.03.10 17:47:08 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\Eike\AppData\Roaming\mozilla\Firefox\Profiles\3t0hc7ei.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} [2012.01.04 17:02:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Eike\AppData\Roaming\mozilla\Firefox\Profiles\3t0hc7ei.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.08.13 14:30:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Eike\AppData\Roaming\mozilla\Firefox\Profiles\3t0hc7ei.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.07.22 15:15:36 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\Eike\AppData\Roaming\mozilla\Firefox\Profiles\3t0hc7ei.default\extensions\bug489729@alice0775 [2012.03.10 18:44:53 | 000,001,087 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\11-suche.xml [2012.03.10 18:44:53 | 000,001,131 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\conduit.xml [2012.03.10 18:44:53 | 000,002,422 | ---- | M] () -- 
C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\englische-ergebnisse.xml [2012.03.10 18:44:53 | 000,010,703 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\gmx-suche.xml [2012.03.10 18:44:53 | 000,001,103 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin-1.xml [2012.03.10 18:44:53 | 000,001,103 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin-2.xml [2012.03.10 18:44:53 | 000,001,103 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin-3.xml [2012.03.10 18:44:53 | 000,001,103 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin-4.xml [2012.03.10 18:44:53 | 000,001,103 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin-5.xml [2012.03.10 18:44:53 | 000,001,103 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin-6.xml [2012.03.10 18:44:53 | 000,001,103 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin-7.xml [2012.03.10 18:44:53 | 000,001,120 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\icqplugin.xml [2012.03.10 18:44:53 | 000,002,708 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\lastminute.xml [2012.03.10 18:44:53 | 000,005,682 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\webde-suche.xml [2012.03.10 18:44:53 | 000,002,188 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\{6ADFFA94-5A6E-49D7-B926-239151B4BBE0}.xml 
[2012.03.10 18:44:53 | 000,002,077 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\{6B526B4C-9D96-48F9-A184-B0188FAC8B02}.xml [2012.03.10 18:44:53 | 000,001,870 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\searchplugins\{FC13FB38-297D-46E0-9C8F-11B313147B3C}.xml [2011.11.09 07:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.10.09 01:32:25 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} () (No name found) -- C:\USERS\EIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3T0HC7EI.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI () (No name found) -- C:\USERS\EIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3T0HC7EI.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.02.18 10:22:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.03.17 20:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.03.10 18:44:53 | 000,001,684 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.10 18:44:53 | 000,001,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.10 18:44:53 | 000,001,271 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.10 18:44:53 | 000,007,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.10 18:44:53 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.10 18:44:53 | 000,001,170 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Eike\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [SkypeM] C:\Users\Eike\AppData\Local\Skype\Skype.exe (Twain Working Group) O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation) O4 - Startup: C:\Users\Eike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Eike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Eike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_14.03.2012_06-25.lnk = C:\Users\Eike\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_14.03.2012_06-25\startup.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Eike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Eike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe 
(ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05087AF5-09D3-4071-B730-1F485CA40E76}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe 
(Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.09.29 17:06:55 | 000,155,648 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2007.09.11 13:55:33 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ] O32 - AutoRun File - [2005.03.14 16:30:41 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{36b6d7ac-89f7-11df-8f2a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{36b6d7ac-89f7-11df-8f2a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2005.09.29 17:06:55 | 000,155,648 | R--- | M] () O33 - MountPoints2\{b2cc3dd6-289b-11e1-8262-20cf300a6b7e}\Shell - "" = AutoRun O33 - MountPoints2\{b2cc3dd6-289b-11e1-8262-20cf300a6b7e}\Shell\AutoRun\command - "" = F:\install.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] 
-- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.14 20:08:29 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Eike\Desktop\OTL.exe [2012.03.14 19:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.03.14 19:43:26 | 000,352,784 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\6667109.sys [2012.03.14 19:43:26 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\66671091.sys [2012.03.14 19:43:26 | 000,040,464 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\66671092.sys [2012.03.14 19:43:25 | 000,000,000 | ---D | C] -- C:\Users\Eike\Desktop\DE-Cleaner powered by Kaspersky [2012.03.10 20:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts-Simulator 2009 [2012.03.10 20:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts-Simulator 2009 [2012.03.10 19:19:56 | 000,000,000 | ---D | C] -- C:\Users\Eike\Documents\My Games [2012.03.10 18:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011 Demo [2012.03.10 18:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 Demo [2012.03.10 18:44:53 | 000,000,000 | ---D | C] -- C:\Users\Eike\AppData\Roaming\Opera [2012.03.10 18:44:53 | 000,000,000 | ---D | C] -- C:\Users\Eike\AppData\Roaming\DesktopIconForAmazon [2012.03.10 18:44:49 | 000,000,000 | ---D | C] -- C:\Users\Eike\AppData\Roaming\OCS [2012.03.10 17:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2012.03.10 17:46:46 | 000,000,000 | ---D | C] -- C:\Users\Eike\AppData\Local\Conduit [2012.03.10 17:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freeware.de 
[2012.03.10 17:46:32 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2012.03.10 17:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.03.10 17:35:39 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.03.10 17:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.03.10 17:35:01 | 000,000,000 | ---D | C] -- C:\Users\Eike\AppData\Roaming\DAEMON Tools Lite
[2012.03.10 17:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.03.03 13:43:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.02.21 16:27:43 | 000,000,000 | ---D | C] -- C:\Users\Eike\Documents\Physik 1
[2012.02.21 16:27:18 | 000,000,000 | ---D | C] -- C:\Users\Eike\Documents\Physik 2
[2012.02.21 16:26:04 | 000,000,000 | ---D | C] -- C:\Users\Eike\Documents\OC-GPR

========== Files - Modified Within 30 Days ==========

[2012.03.14 20:14:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.14 20:13:49 | 3054,882,816 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.14 20:08:30 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Eike\Desktop\OTL.exe
[2012.03.14 19:57:56 | 001,726,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.14 19:57:56 | 000,740,708 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.14 19:57:56 | 000,696,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.14 19:57:56 | 000,159,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.14 19:57:56 | 000,132,104 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.14 19:52:20 | 000,002,124 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.03.14 19:52:11 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.14 19:43:52 | 000,002,317 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_14.03.2012_06-25.lnk
[2012.03.14 18:48:13 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012.03.14 18:37:53 | 000,001,229 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.03.14 18:22:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.10 20:01:56 | 000,001,285 | ---- | M] () -- C:\Users\Eike\Desktop\Landwirtschafts-Simulator 2009.lnk
[2012.03.10 18:56:11 | 000,001,330 | ---- | M] () -- C:\Users\Eike\Desktop\Landwirtschafts Simulator 2011 Demo.lnk
[2012.03.10 18:44:53 | 000,001,450 | ---- | M] () -- C:\Users\Eike\Desktop\Amazon.lnk
[2012.03.10 17:38:57 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.10 17:38:57 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.10 17:36:45 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.03.10 17:35:39 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.03.01 13:53:05 | 000,001,023 | ---- | M] () -- C:\Users\Eike\Desktop\Dropbox.lnk
[2012.03.01 13:53:05 | 000,001,003 | ---- | M] () -- C:\Users\Eike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.22 21:47:17 | 000,001,316 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold Kingdoms.lnk

========== Files Created - No Company Name ==========

[2012.03.14 19:43:52 | 000,002,317 | ---- | C] () -- C:\Users\Eike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_14.03.2012_06-25.lnk
[2012.03.14 18:48:13 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012.03.10 20:01:56 | 000,001,285 | ---- | C] () -- C:\Users\Eike\Desktop\Landwirtschafts-Simulator 2009.lnk
[2012.03.10 18:56:11 | 000,001,330 | ---- | C] () -- C:\Users\Eike\Desktop\Landwirtschafts Simulator 2011 Demo.lnk
[2012.03.10 18:44:53 | 000,001,450 | ---- | C] () -- C:\Users\Eike\Desktop\Amazon.lnk
[2012.03.10 17:46:32 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.03.10 17:36:45 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.02.22 21:47:17 | 000,001,316 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold Kingdoms.lnk
[2012.01.17 19:22:43 | 000,000,537 | ---- | C] () -- C:\Users\Eike\AppData\Roaming\solvents.map
[2011.05.31 17:54:40 | 001,623,544 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.11 18:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.02.11 18:15:08 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.02.11 18:15:08 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.07.07 19:54:56 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010.07.07 19:30:26 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2011.12.15 18:14:20 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Advanced Chemistry Development
[2011.05.31 14:21:10 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Asus WebStorage
[2012.03.10 17:38:44 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\DAEMON Tools Lite
[2012.01.16 18:36:21 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\DAEMON Tools Pro
[2012.03.10 18:44:53 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\DesktopIconForAmazon
[2011.05.31 17:34:29 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Downloaded Installations
[2012.03.14 19:52:47 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Dropbox
[2011.09.14 22:39:31 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\DVDVideoSoft
[2011.09.14 22:39:24 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.07 18:35:02 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\FileZilla
[2011.06.29 19:45:22 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Firefly Studios
[2012.03.14 18:49:41 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\ICQ
[2011.10.04 16:13:23 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\LyX2.0
[2011.12.19 20:14:50 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\MusicNet
[2011.05.31 18:56:25 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Nitro PDF
[2012.03.10 18:44:49 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\OCS
[2012.03.14 19:49:57 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Onfyvu
[2011.06.09 10:10:46 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\OpenOffice.org
[2012.03.10 18:44:53 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Opera
[2012.02.05 19:45:21 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\SoftGrid Client
[2011.05.31 17:54:17 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\TP
[2011.12.19 19:59:36 | 000,000,000 | ---D | M] -- C:\Users\Eike\AppData\Roaming\Ydnaut
[2009.07.14 06:08:49 | 000,011,446 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:C8B8CEBD

< End of report >

Extras.txt

OTL Extras logfile created on: 14.03.2012 20:14:56 - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Users\Eike\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,79 Gb Total Physical Memory | 3,28 Gb Available Physical Memory | 86,34% Memory free
7,59 Gb Paging File | 7,07 Gb Available in Paging File | 93,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 93,71 Gb Free Space | 62,87% Space Free | Partition Type: NTFS
Drive D: | 427,59 Gb Total Space | 427,49 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 2,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: EIKE-NOTEBOOK | User Name: Eike | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02233C32-A584-4337-9FD1-864F6BC43F67}" = Nitro PDF Reader
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DesktopIconAmazon" = Desktop Icon für Amazon
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SearchAnonymizer" = SearchAnonymizer
"STATNOVAPDF_is1" = STATNOVAPDF (novaPDF Professional Server 5.4 printer)
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de - AddOn für Firefox
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{3AB4E8CB-3321-4D43-8A59-885338A6EBF9}" = STATISTICA 8.0.725.0 CS
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}" = Piggly FREE
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}" = Smileyville FREE
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8C363CB9-9F31-4349-8491-762C42D3FDFB}" = CambridgeSoft Desktop Inventory 12.0
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A1E1083D-249D-483C-AD92-CDCFA230A4C7}" = STATISTICA CambridgeSoft Integration
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05)
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}" = syncables desktop SE
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1" = Game Park Console
"{D06EF6C2-62D8-4308-897E-B20FE81712B4}" = CambridgeSoft ChemBioOffice Ultra 2010
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E145D9BE-D521-4527-A85D-2B2D47725506}" = CambridgeSoft ChemScript 12.0
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{EA8A00F7-42F3-451A-8FE6-B0947FDC393D}" = IKEA HomePlanner Office
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ECE4289B-68C8-4D30-9C65-84CC2052CCFF}" = CambridgeSoft BioAssay 12.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.0.1
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F92C4EE6-BEA9-11D7-9E00-0004769EEFEB}" = USA Raser
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ACDLabs in C__Program_Files_ChemSketch_" = ACD/Labs Software in C:\Program Files\ChemSketch\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS WebStorage" = ASUS WebStorage
"Autobahn Raser IV" = Autobahn Raser IV
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVDx 4.0 Open Edition" = DVDx 4.0 Open Edition
"FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009
"FarmingSimulator2011DemoDE_is1" = Landwirtschafts Simulator 2011 Demo
"FileZilla Client" = FileZilla Client 3.5.2
"Free YouTube Download_is1" = Free YouTube Download version 3.0.14.908
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804
"Freeware.de Toolbar" = Freeware.de Toolbar
"Google Chrome" = Google Chrome
"ICQToolbar" = ICQ Toolbar
"iMesh" = iMesh
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
"LyX20" = LyX 2.0.0-3
"MestReC_is1" = MestReC 4.9.9
"MestReNova LITE" = MestReNova LITE 5.2.5-4731
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"TinyCAD" = TinyCAD 2.80.03
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.02.2012 06:29:36 | Computer Name = Eike-Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 28.02.2012 06:32:13 | Computer Name = Eike-Notebook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax.

Error - 28.02.2012 13:58:48 | Computer Name = Eike-Notebook | Source = Application Hang | ID = 1002
Description = Programm StrongholdKingdoms.exe, Version 1.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a8 Startzeit: 01ccf5fce0c77a17 Endzeit: 55 Anwendungspfad: C:\ProgramData\Firefly Studios\Stronghold Kingdoms\1.21.1.25\StrongholdKingdoms.exe Berichts-ID: d8b4ade0-6235-11e1-a24d-20cf300a6b7e

Error - 28.02.2012 14:40:01 | Computer Name = Eike-Notebook | Source = Application Hang | ID = 1002
Description = Programm StrongholdKingdoms.exe, Version 1.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1128 Startzeit: 01ccf642c13a7784 Endzeit: 15 Anwendungspfad: C:\ProgramData\Firefly Studios\Stronghold Kingdoms\1.21.1.25\StrongholdKingdoms.exe Berichts-ID: 9bc83d3e-623b-11e1-a24d-20cf300a6b7e

Error - 28.02.2012 14:44:56 | Computer Name = Eike-Notebook | Source = Application Hang | ID = 1002
Description = Programm StrongholdKingdoms.exe, Version 1.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1770 Startzeit: 01ccf648e0e1b651 Endzeit: 16 Anwendungspfad: C:\ProgramData\Firefly Studios\Stronghold Kingdoms\1.21.1.25\StrongholdKingdoms.exe Berichts-ID: 4a3b11eb-623c-11e1-88e5-20cf300a6b7e

Error - 28.02.2012 15:10:12 | Computer Name = Eike-Notebook | Source = Application Hang | ID = 1002
Description = Programm StrongholdKingdoms.exe, Version 1.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e54 Startzeit: 01ccf6491514c114 Endzeit: 156 Anwendungspfad: C:\ProgramData\Firefly Studios\Stronghold Kingdoms\1.21.1.25\StrongholdKingdoms.exe Berichts-ID: cb08c544-623f-11e1-88e5-20cf300a6b7e

Error - 29.02.2012 07:02:53 | Computer Name = Eike-Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 29.02.2012 07:05:30 | Computer Name = Eike-Notebook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax.

Error - 29.02.2012 17:43:07 | Computer Name = Eike-Notebook | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d58 Startzeit: 01ccf72636af6e35 Endzeit: 128 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 5b87cd60-631e-11e1-88e5-20cf300a6b7e

Error - 29.02.2012 18:06:13 | Computer Name = Eike-Notebook | Source = Application Hang | ID = 1002
Description = Programm ControlDeck.exe, Version 1.0.6.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b44 Startzeit: 01ccf72e2967c47d Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe Berichts-ID: 91c65d00-6321-11e1-88d9-72f06d368626

[ Cisco AnyConnect VPN Client Events ]
Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 14.03.2012 14:52:00 | Computer Name = Eike-Notebook | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

[ System Events ]
Error - 02.11.2011 09:33:36 | Computer Name = Eike-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR17 gefunden.

Error - 16.11.2011 19:38:12 | Computer Name = Eike-Notebook | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{05087AF5-09D3-4071-B730-1F485CA40E76} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 16.11.2011 19:38:12 | Computer Name = Eike-Notebook | Source = NetBT | ID = 4321
Description = Der Name "EIKE-NOTEBOOK :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.3 registriert werden. Der Computer mit IP-Adresse 192.168.1.2 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 16.11.2011 19:38:13 | Computer Name = Eike-Notebook | Source = NetBT | ID = 4321
Description = Der Name "EIKE-NOTEBOOK :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.3 registriert werden. Der Computer mit IP-Adresse 192.168.1.2 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 28.11.2011 14:36:14 | Computer Name = Eike-Notebook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?11.?2011 um 19:34:36 unerwartet heruntergefahren.

Error - 29.11.2011 18:48:22 | Computer Name = Eike-Notebook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?11.?2011 um 23:47:33 unerwartet heruntergefahren.

Error - 16.01.2012 17:47:24 | Computer Name = Eike-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR11 gefunden.
Error - 08.02.2012 16:38:44 | Computer Name = Eike-Notebook | Source = DCOM | ID = 10010 Description = Error - 27.02.2012 09:30:41 | Computer Name = Eike-Notebook | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?27.?02.?2012 um 14:29:29 unerwartet heruntergefahren. Error - 29.02.2012 18:04:40 | Computer Name = Eike-Notebook | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?29.?02.?2012 um 23:03:32 unerwartet heruntergefahren. < End of report > |
14.03.2012, 20:28 | #2 |
/// Malware-holic | 50€ Trojan once again... Hi,
This script, and any scripts that may follow, are intended only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe.
• Now copy the following into the text box. Code:
:OTL
O4 - HKCU..\Run: [SkypeM] C:\Users\Eike\AppData\Local\Skype\Skype.exe (Twain Working Group)
:Files
C:\Users\Eike\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, right-click, View, Show desktop icons.
Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment! Please press the + E key.
__________________ |
14.03.2012, 20:41 | #3 |
| 50€ Trojan once again... First of all, thanks for the quick reply!
Everything worked the way you described it, movedfiles.zip has been uploaded successfully, and here is the content of the .txt after the reboot:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkypeM deleted successfully.
C:\Users\Eike\AppData\Local\Skype\Skype.exe moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Eike
->Flash cache emptied: 82736 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Eike
->Temp folder emptied: 381244560 bytes
->Temporary Internet Files folder emptied: 71738701 bytes
->Java cache emptied: 6806135 bytes
->FireFox cache emptied: 1110246755 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 246717346 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.733,00 mb
OTL by OldTimer - Version 3.2.37.0 log created on 03142012_203031
Files\Folders moved on Reboot...
C:\Users\Eike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot... |
14.03.2012, 20:47 | #4 |
/// Malware-holic | 50€ Trojan once again... Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
14.03.2012, 21:24 | #5 |
| 50€ Trojan once again... OK, here is the ComboFix log: Combofix Logfile: Code:
ATTFilter ComboFix 12-03-14.01 - Eike 14.03.2012 20:58:58.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3884.2294 [GMT 1:00] ausgeführt von:: c:\users\Eike\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini c:\program files (x86)\Common Files\ASPG_icon.ico c:\programdata\FullRemove.exe D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-14 bis 2012-03-14 )))))))))))))))))))))))))))))) . . 2012-03-14 20:13 . 2012-03-14 20:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-03-14 20:13 . 2012-03-14 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-14 19:30 . 2012-03-14 19:38 -------- d-----w- C:\_OTL 2012-03-14 18:43 . 2012-03-14 18:43 -------- d-----w- c:\programdata\Kaspersky Lab 2012-03-14 18:43 . 2009-10-22 12:54 40464 ----a-w- c:\windows\system32\drivers\66671092.sys 2012-03-14 18:43 . 2009-10-09 22:30 352784 ----a-w- c:\windows\system32\drivers\6667109.sys 2012-03-14 18:43 . 2009-09-25 16:59 157712 ----a-w- c:\windows\system32\drivers\66671091.sys 2012-03-10 19:00 . 2012-03-10 19:01 -------- d-----w- c:\program files (x86)\Landwirtschafts-Simulator 2009 2012-03-10 17:54 . 2012-03-10 17:56 -------- d-----w- c:\program files (x86)\Landwirtschafts Simulator 2011 Demo 2012-03-10 17:44 . 2012-03-10 17:44 -------- d-----w- c:\users\Eike\AppData\Roaming\DesktopIconForAmazon 2012-03-10 17:44 . 2012-03-10 17:44 -------- d-----w- c:\users\Eike\AppData\Roaming\OCS 2012-03-10 16:46 . 2012-03-10 16:46 -------- d-----w- c:\program files (x86)\Conduit 2012-03-10 16:46 . 2012-03-10 16:46 -------- d-----w- c:\users\Eike\AppData\Local\Conduit 2012-03-10 16:46 . 
2012-03-10 16:46 -------- d-----w- c:\program files (x86)\Freeware.de 2012-03-10 16:46 . 2011-05-13 12:16 493056 ----a-w- c:\windows\SysWow64\dhRichClient3.dll 2012-03-10 16:46 . 2011-03-25 20:42 338432 ----a-w- c:\windows\SysWow64\sqlite36_engine.dll 2012-03-10 16:35 . 2012-03-10 16:35 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-03-10 16:35 . 2012-03-10 16:35 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite 2012-03-10 16:35 . 2012-03-10 16:38 -------- d-----w- c:\users\Eike\AppData\Roaming\DAEMON Tools Lite 2012-03-10 16:34 . 2012-03-10 16:35 -------- d-----w- c:\programdata\DAEMON Tools Lite 2012-03-03 12:43 . 2012-03-03 12:43 -------- d-----w- c:\windows\system32\Macromed . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-03 12:43 . 2011-07-01 14:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll 2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{7e111a5c-3d11-4f56-9463-5310c3c69025}"= "c:\program files (x86)\Freeware.de\prxtbFree.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{7e111a5c-3d11-4f56-9463-5310c3c69025}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}] 2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Freeware.de\prxtbFree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{7e111a5c-3d11-4f56-9463-5310c3c69025}"= "c:\program files (x86)\Freeware.de\prxtbFree.dll" [2011-05-09 176936] . 
[HKEY_CLASSES_ROOT\clsid\{7e111a5c-3d11-4f56-9463-5310c3c69025}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Eike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Eike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Eike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] "ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-07-07 2429] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-17 74752] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] . c:\users\Eike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Eike\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] setup_9.0.0.722_14.03.2012_06-25.lnk - c:\users\Eike\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_14.03.2012_06-25\startup.exe [2012-3-14 72208] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-7-7 12862] SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-7-7 156952] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-07 135664] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-07 135664] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x] S0 66671092;66671092 Boot Guard Driver;c:\windows\system32\DRIVERS\66671092.sys [x] S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x] S1 66671091;66671091;c:\windows\system32\DRIVERS\66671091.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 setup_9.0.0.722_14.03.2012_06-25drv;setup_9.0.0.722_14.03.2012_06-25drv;c:\windows\system32\DRIVERS\6667109.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files 
(x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664] S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608] S2 msftesql$CSSQL05;SQL Server FullText Search (CSSQL05);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2007-06-22 95592] S2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712] S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-02-04 341296] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-03-27 1800808] S2 SearchAnonymizer;SearchAnonymizer;c:\users\Eike\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2012-03-10 40960] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] S3 
JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-07 18:29] . 2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-07 18:29] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Eike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Eike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Eike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Eike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-27 17412200] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304] "Ocs_SM"="c:\users\Eike\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-03-10 106496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCInstallQueue"="netman.dll" [2009-07-14 360448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Free YouTube Download - c:\users\Eike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Eike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Eike\AppData\Roaming\Mozilla\Firefox\Profiles\3t0hc7ei.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Freeware.de Customized Web Search FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - 
hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$CSSQL05] "ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:CSSQL05" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\windows\AsScrPro.exe c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.bin c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-03-14 21:23:28 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-03-14 20:23 . Vor Suchlauf: 10 Verzeichnis(se), 102.292.721.664 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 101.677.129.728 Bytes frei . - - End Of File - - 5DA3716E052C0FFC0DF241C87798AD35 |
15.03.2012, 12:09 | #6 |
/// Malware-holic | 50€ Trojan once again... Please start by installing Windows updates. The easiest way is to go to Start, Search and type Windows Update there. Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button. Now click "Check for updates". Please install the important updates first. It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones. Please do the same with the optional updates. When you are done, please report back.
__________________ |
15.03.2012, 21:47 | #7 |
| 50€ Trojan once again... OK, all Windows updates were installed without any problems. |
16.03.2012, 13:06 | #8 |
/// Malware-holic | 50€ Trojan once again... That's something :-) Malwarebytes: Please download Malwarebytes
__________________ |
16.03.2012, 18:05 | #9 |
| 50€ Trojan once again... Hm, Malwarebytes did not find any infected objects... here is the log file anyway:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.03.16.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Eike :: EIKE-NOTEBOOK [Administrator]
16.03.2012 15:42:32
mbam-log-2012-03-16 (15-42-32).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 493088
Laufzeit: 2 Stunde(n), 15 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende) |
16.03.2012, 18:09 | #10 |
| 50€ Trojan once again... Instead, Microsoft Security Essentials has just reported the trojan Win 32/Ransom.EJ to me... it was removed successfully. |
17.03.2012, 18:33 | #11 |
/// Malware-holic | 50€ Trojan once again... And where was it reported? Detection reports are only of use to me with complete details. Download CCleaner Standard: CCleaner Download - CCleaner 3.16.1666. If CCleaner is already installed, skip this. Install it, open it, Tools, list of installed programs, save as txt. Open it. After each program you need, write necessary. After each one you do not need, unnecessary. After those unknown to you, unknown. Post the list.
17.03.2012, 20:04 | #12 |
| 50€ Trojan once again... So, the trojan had the following path: file:C:\_OTL\MovedFiles\03142012_203031\C_Users\Eike\AppData\Local\Skype\Skype.exe and here is the CCleaner list:
ACD/Labs Software in C:\Program Files\ChemSketch\ ACD/Labs 14.12.2011 v12.00, FREE necessary
Acrobat.com Adobe Systems Incorporated 06.07.2010 1,61MB 1.6.65 necessary
Adobe AIR Adobe Systems Inc. 06.07.2010 1.5.0.7220 necessary
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 06.07.2010 10.0.42.34 necessary
Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 02.03.2012 6,00MB 11.1.102.62 necessary
Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated 30.06.2011 165,4MB 10.1.0 necessary
Alice Greenfingers Oberon Media 06.07.2010 unknown
Anno 1701 Sunflowers 04.06.2011 1.02 necessary
ASUS AI Recovery ASUS 06.07.2010 2,76MB 1.0.9 necessary
ASUS AP Bank ASUSTEK 06.07.2010 1.0.0.0 necessary
ASUS CopyProtect ASUS 06.07.2010 3,62MB 1.0.0015 necessary
ASUS Data Security Manager ASUS 06.07.2010 15,1MB 1.00.0014 necessary
ASUS FancyStart ASUSTeK Computer Inc. 06.07.2010 12,1MB 1.0.8 necessary
ASUS LifeFrame3 ASUS 06.07.2010 27,7MB 3.0.20 necessary
ASUS Live Update ASUS 06.07.2010 2.5.9 necessary
ASUS MultiFrame ASUS 06.07.2010 1.0.0021 necessary
ASUS Power4Gear Hybrid ASUS 06.07.2010 12,2MB 1.1.35 necessary
ASUS SmartLogon ASUS 06.07.2010 10,9MB 1.0.0008 necessary
ASUS Splendid Video Enhancement Technology ASUS 06.07.2010 24,4MB 1.02.0028 necessary
ASUS Virtual Camera asus 06.07.2010 3,12MB 1.0.19 necessary
ASUS WebStorage eCareme Technologies, Inc. 06.07.2010 2.0.46.1429 necessary
ATK Package ASUS 06.07.2010 13,8MB 1.0.0003 necessary
Autobahn Raser IV Davilex Software BV 25.06.2011 0.0.0.4 unnecessary
Bing Bar Microsoft Corporation 14.03.2012 26,8MB 7.0.850.0 unknown
Boingo Wi-Fi Boingo Wireless, Inc. 06.07.2010 25,4MB 1.7.0048 necessary
CambridgeSoft Activation Client CambridgeSoft Corporation 15.01.2012 0,81MB 12.0 necessary
CambridgeSoft BioAssay 12.0 CambridgeSoft Corporation 15.01.2012 101,6MB 12.0 necessary
CambridgeSoft ChemBioOffice Ultra 2010 CambridgeSoft Corporation 15.01.2012 322MB 12.0 necessary
CambridgeSoft ChemScript 12.0 CambridgeSoft Corporation 15.01.2012 78,4MB 12.0 necessary
CambridgeSoft Desktop Inventory 12.0 CambridgeSoft Corporation 15.01.2012 153,7MB 12.0 necessary
CambridgeSoft ENotebook 12.0.1 CambridgeSoft Corporation 15.01.2012 87,2MB 12.0.1 necessary
Canon MP550 series MP Drivers 30.05.2011 necessary
CCleaner Piriform 16.03.2012 3.16 necessary
Chicken Invaders 2 Oberon Media 06.07.2010 unknown
Cisco AnyConnect VPN Client Cisco Systems, Inc. 05.11.2011 4,68MB 2.5.3055 necessary
Conexant HD Audio Conexant 06.07.2010 4.98.18.65 necessary
ControlDeck ASUS 06.07.2010 1,80MB 1.0.6 necessary
CyberLink LabelPrint CyberLink Corp. 06.07.2010 137,6MB 2.5.1908 unnecessary
CyberLink Power2Go CyberLink Corp. 06.07.2010 110,4MB 6.1.3602c unnecessary
DAEMON Tools Lite DT Soft Ltd 09.03.2012 4.45.3.0297 necessary
Desktop Icon für Amazon 09.03.2012 1.0.1 (de) unnecessary
Dream Day Wedding Married in Manhattan Oberon Media 06.07.2010 unknown
Dropbox Dropbox, Inc. 29.02.2012 1.2.52 necessary
DVDx 4.0 Open Edition labDV 24.12.2011 4.0 (Open Edition) necessary
ETDWare PS/2-x64 7.0.5.10_WHQL ELAN Microelectronics Corp. 06.07.2010 7.0.5.10 unknown
Fast Boot ASUS 06.07.2010 1,47MB 1.0.5 necessary
FileZilla Client 3.5.2 FileZilla Project 15.01.2012 16,6MB 3.5.2 necessary
Free YouTube Download version 3.0.14.908 DVDVideoSoft Ltd. 13.09.2011 38,9MB necessary
Free YouTube to MP3 Converter version 3.10.7.804 DVDVideoSoft Limited. 12.08.2011 45,3MB necessary
Freeware.de Toolbar Freeware.de 09.03.2012 unnecessary
Game Park Console Oberon Media, Inc. 06.07.2010 6.2.0.2 unknown
Google Chrome Google Inc. 06.07.2010 17.0.963.79 unnecessary
Google Earth Google 17.11.2011 92,7MB 6.1.0.5001 necessary
Google Toolbar for Internet Explorer Google Inc. 06.07.2010 unnecessary
ICQ Toolbar ICQ 29.05.2011 3.0.0 unnecessary
ICQ7.5 ICQ 29.05.2011 7.5 necessary
IKEA HomePlanner Office IKEA IT 29.11.2011 21,0MB 1.9.0 unnecessary
iMesh iMesh Inc. 18.12.2011 11.0.0.118611 unknown
Intel(R) Control Center Intel Corporation 07.07.2010 1.2.1.1007 necessary
Intel(R) Graphics Media Accelerator Driver Intel Corporation 07.07.2010 8.15.10.2104 necessary
Intel(R) Management Engine Components Intel Corporation 07.07.2010 6.0.0.1179 necessary
Java(TM) 6 Update 26 Oracle 29.05.2011 97,1MB 6.0.260 necessary
JMicron Ethernet Adapter NDIS Driver JMicron Technology Corp. 06.07.2010 6.0.17.1 necessary
JMicron Flash Media Controller Driver JMicron Technology Corp. 06.07.2010 1.0.33.2 necessary
K_Series_ScreenSaver_EN 06.07.2010 unknown
Landwirtschafts Simulator 2011 Demo GIANTS Software 09.03.2012 395MB 1.0 unnecessary
Landwirtschafts-Simulator 2009 GIANTS Software 09.03.2012 224MB necessary
LyX 2.0.0-3 LyX Team 03.10.2011 2.0.0-3 necessary
Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 15.03.2012 17,4MB 1.60.1.1000 necessary
MestReC 4.9.9 MestReC 15.01.2012 necessary
MestReNova LITE 5.2.5-4731 Mestrelab Research S.L. 15.01.2012 5.2.5-4731 necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 01.06.2011 38,8MB 4.0.30319 necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 01.06.2011 2,94MB 4.0.30319 necessary
Microsoft Office 2010 Microsoft Corporation 06.07.2010 6,31MB 14.0.4763.1000 necessary
Microsoft Office Klick-und-Los 2010 Microsoft Corporation 30.05.2011 14.0.4763.1000 necessary
Microsoft Office Professional Plus 2010 Microsoft Corporation 15.03.2012 14.0.6029.1000 necessary
Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 30.05.2011 14.0.4763.1000 necessary
Microsoft Security Essentials Microsoft Corporation 14.03.2012 2.1.1116.0 necessary
Microsoft Silverlight Microsoft Corporation 14.03.2012 86,3MB 4.1.10111.0 necessary
Microsoft SQL Server 2005 Microsoft Corporation 14.03.2012 necessary
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 29.05.2011 1,72MB 3.1.0000 necessary
Microsoft SQL Server Native Client Microsoft Corporation 14.03.2012 5,84MB 9.00.5000.00 necessary
Microsoft SQL Server Setup Support Files (English) Microsoft Corporation 15.03.2012 24,5MB 9.00.5000.00 necessary
Microsoft SQL Server VSS Writer Microsoft Corporation 14.03.2012 1,10MB 9.00.5000.00 necessary
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 29.05.2011 0,61MB 1.0.1215.0 necessary
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 29.05.2011 1,45MB 1.0.1215.0 necessary
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 11.06.2011 0,77MB 9.0.30729.5570 necessary
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 11.06.2011 0,58MB 9.0.30729.5570 necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 29.05.2011 0,77MB 9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,77MB 9.0.30729.6161 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 28.06.2011 1,42MB 9.0.21022 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 29.05.2011 0,58MB 9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,59MB 9.0.30729.6161 necessary
MiKTeX 2.9 MiKTeX.org 03.10.2011 2.9 necessary
Mozilla Firefox 10.0.2 (x86 de) Mozilla 17.02.2012 36,5MB 10.0.2 necessary
MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 06.07.2010 1,53MB 4.30.2107.0 unknown
Nitro PDF Reader Nitro PDF Software 30.05.2011 90,0MB 1.4.0.11 necessary
NVIDIA Drivers NVIDIA Corporation 06.07.2010 63,0MB 1.10.58.36 necessary
OpenOffice.org 3.3 OpenOffice.org 29.05.2011 415MB 3.3.9567 necessary
Piggly FREE Oberon Media 06.07.2010 unknown
Python 2.5 Martin v. Löwis 15.01.2012 32,3MB 2.5.150 unknown
SearchAnonymizer 09.03.2012 1.0.1 (de) unknown
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) Microsoft 15.01.2012 57,00KB 1.0.0 unknown
shopping-preise.de - AddOn für Firefox shopping-preise.de 09.03.2012 1,54MB 2.81 unknown
Skype™ 4.2 Skype Technologies S.A. 06.07.2010 31,7MB 4.2.155 necessary
Smileyville FREE Oberon Media 06.07.2010 unknown
SRS Premium Sound Control Panel SRS Labs, Inc. 06.07.2010 1,85MB 1.8.5100 necessary
STATISTICA 8.0.725.0 CS StatSoft, Inc. 15.01.2012 195,2MB 8.0.725.0 necessary
STATISTICA CambridgeSoft Integration StatSoft, Inc. 15.01.2012 1,00MB 1.00.0000 necessary
STATNOVAPDF (novaPDF Professional Server 5.4 printer) Softland 15.01.2012 necessary
Stronghold 22.07.2011 necessary
Stronghold 2 Deluxe Firefly Studios 29.11.2011 1.40.100 necessary
Stronghold Kingdoms Firefly Studios 21.02.2012 191,9MB Stronghold Kingdoms (Installationsprogramm v1.17) necessary
syncables desktop SE syncables 06.07.2010 163,5MB 5.5.615.9518 unknown
TinyCAD 2.80.03 TinyCAD 07.11.2011 2.80.03 necessary
USA Raser ComputerBild Spiele 25.06.2011 281MB 1.00.0000 unnecessary
USB2.0 UVC VGA WebCam Sonix 06.07.2010 5.8.54000.205 necessary
Winamp Nullsoft, Inc 29.05.2011 5.61 necessary
Winamp Erkennungs-Plug-in Nullsoft, Inc 29.05.2011 75,00KB 1.0.0.1 necessary
Windows Live Anmelde-Assistent Microsoft Corporation 31.05.2011 1,94MB 5.000.818.6 unknown
Windows Live Essentials Microsoft Corporation 29.05.2011 14.0.8050.1202 unknown
Windows Live Sync Microsoft Corporation 29.05.2011 2,80MB 14.0.8050.1202 unknown
Windows Live-Uploadtool Microsoft Corporation 29.05.2011 0,22MB 14.0.8014.1029 unknown
Windows Media Player Firefox Plugin Microsoft Corp 08.09.2011 0,29MB 1.0.0.8 necessary
WinFlash ASUS 06.07.2010 0,82MB 2.30.1 necessary
WinRAR 4.01 (64-Bit) win.rar GmbH 09.06.2011 4.01.0 necessary
Wireless Console 3 ASUS 06.07.2010 2,43MB 3.0.15 necessary
Xvid MPEG-4 Video Codec 16.03.2012 2,30MB unnecessary |
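The quarantine path in post #12 points to a file named Skype.exe that sat under the user's AppData folder, while the program list shows Skype as a regularly installed application. As an added example (not part of the thread and not OTL's own code), the following Python triage reads "PRC"/"SRV" lines in the layout of the OTL log and lists entries worth a manual look; the sample lines are constructed, and the assumption is that the MovedFiles folder mirrors the file's original location.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample lines in the PRC/SRV layout of an OTL quick-scan log.
# Vendors and the Program Files path are illustrative assumptions.
SAMPLE_LOG = r"""
PRC - C:\Users\Eike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Eike\AppData\Local\Skype\Skype.exe ()
PRC - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
SRV - (ExampleHelper) -- C:\Users\Eike\AppData\Roaming\Example\helper.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
"""

# "<TYPE> - [(service) -- ]<path> (<company name, possibly empty>)"
ENTRY = re.compile(
    r"^(?:PRC|SRV)(?::64bit:)? - (?:\([^)]*\) -- )?"
    r"(?P<path>[A-Za-z]:\\.+?) \((?P<vendor>[^()]*)\)$"
)

def parse(log):
    """Yield (path, vendor) for every line that matches the layout."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield PureWindowsPath(m["path"]), m["vendor"].strip()

def in_user_profile(path):
    parts = [p.lower() for p in path.parts]
    return len(parts) > 2 and parts[1] == "users"

def triage(log):
    """Return {path: [reasons]}; reasons are review hints, not a verdict."""
    entries = list(parse(log))
    # File names that also exist outside any user profile (e.g. Program Files).
    installed = {p.name.lower() for p, _ in entries if not in_user_profile(p)}
    findings = {}
    for path, vendor in entries:
        if not in_user_profile(path):
            continue
        checks = [
            (not vendor, "no company name in version info"),
            ("appdata" in (p.lower() for p in path.parts), "runs from AppData"),
            (path.name.lower() in installed,
             "same file name as a program installed elsewhere"),
        ]
        reasons = [text for hit, text in checks if hit]
        if reasons:
            findings[str(path)] = reasons
    return findings

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

An empty company name alone is a weak signal, since legitimate programs also ship without version info; the combination with a user-writable location and a borrowed file name is what makes the Skype.exe entry stand out.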
18.03.2012, 20:57 | #13 |
/// Malware-holic | 50€ Trojan once again...
Uninstall: Adobe Flash Player, all of them.
Adobe - Install Adobe Flash Player: download the latest version.
Adobe Reader: Adobe - Download Adobe Reader - All versions. Remove the tick at McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything should be disabled here; it is very unsafe to open PDFs automatically, download them etc. It is always better to save them directly, because only then do you have control over what is going on on the PC.
Under JavaScript, remove the tick at "use JavaScript".
Under Updater, choose install automatically. Apply / OK.
Uninstall: Alice, Autobahn, Bing, Chicken, CyberLink: both, Desktop, Dream Day, Freeware.de, Game Park, Google Chrome, Google Toolbar, ICQ Toolbar, IKEA, iMesh, Java.
Download the free Java software: download Java JRE, install it.
Uninstall: Landwirtschafts Simulator 2011, SearchAnonymizer, Python, shopping, Skype™.
Free internet calls with Skype. Call phones online cheaply: install version 5.
Uninstall: Smileyville, USA, Windows Live: all that you do not use, Xvid.
Open OTL, clean up, restart. Open CCleaner, analyze, clean, restart. Test how the PC runs.
18.03.2012, 22:37 | #14 |
| 50€ Trojan once again... All done, the PC now runs again the way it did before the trojan infection. However, the programs from Oberon Media (see list) could not be uninstalled, and I cannot find the corresponding .exe files anywhere... |
19.03.2012, 11:54 | #15 |
| 50€ Trojan once again... OK, I have found them after all... uninstall.exe won't work, so I have now deleted the entire installation folder. |