Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows Sicherheitswarnung 50 Euro Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 27.03.2012, 17:43   #1
linski
 
Windows Sicherheitswarnung 50 Euro Virus - Unglücklich

Windows Sicherheitswarnung 50 Euro Virus



Hallo,

Ich hoffe ihr könnt mir weiterhelfen. Ich hatte vor kurzem den bereits beschriebenen Virus mit der Sicherheitswarnung und dem Blackscreen. Immer wenn ich ins Internet gegangen bin, trat der Virus auf. Avira hat nicht funktioniert. Habe dann erstmal mit HijackThis einen Scan gemacht und eine Schaddatei gefunden. Nachdem ich diese entfernt hatte, trat der Virus nicht mehr auf. Habe mir erstmal keine Gedanken gemacht.
Da ich jetzt allerdings Post von meiner Bank erhalten habe, dass auf meinen Account ein Trojanerangriff stattgefunden hat, habe ich mal ein wenig gegoogelt und bin auf dieses Forum gestoßen.
Ich habe jetzt Angst, dass der Trojaner (oder Virus?) immernoch auf meinem Rechner ist, ich ihn aber mit meinem Möglichkeiten nicht finden und entfernen kann.

So bevor jemand mir böse ist, ich habe ich ganz wenig Ahnung (bin eine Frau und beschäftige mich eigentlich nie tiefergehend mit meinem Laptop) bräuchte also eine präzise Anleitung!
Wenn das Thema hier nicht reingehört, oder ich sonst etwas falsch gemacht habe, seid mir bitte nicht böse! Ich habe versucht alles zu befolgen.

Ich hoffe sehr, dass mir jemand weiterhelfen kann!


Ich habe mit OTL folgende Scans gemacht:


OTL logfile created on: 27.03.2012 18:27:49 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Linn\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 43,09% Memory free
4,19 Gb Paging File | 2,60 Gb Available in Paging File | 61,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,31 Gb Total Space | 95,11 Gb Free Space | 64,56% Space Free | Partition Type: NTFS
Drive D: | 73,65 Gb Total Space | 45,18 Gb Free Space | 61,33% Space Free | Partition Type: NTFS

Computer Name: LINN-PC | User Name: Linn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Linn\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Brownie\BrStsWnd.exe (brother)
PRC - C:\Program Files\Brownie\brpjp04a.exe (brother)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Winamp\winampa.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Java\jre6\bin\jp2native.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56ita.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56esp.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56brz.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56kor.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56ger.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56fra.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56cht.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56chs.dll ()
MOD - C:\Program Files\Winamp\winampa.exe ()


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (accsvc) -- C:\Program Files\Common Files\AccSys\accsvc.exe File not found
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NPF) -- system32\drivers\npf.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20111044,16981,0,16,0"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {988da70d-b78d-44a1-a9c7-ed11832a9e2e}:1.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://napo.fu-berlin.de/"
FF - prefs.js..network.proxy.http: "http-proxy.fu-berlin.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 18:24:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.16 12:30:37 | 000,000,000 | ---D | M]

[2009.02.12 15:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linn\AppData\Roaming\mozilla\Extensions
[2012.01.09 16:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linn\AppData\Roaming\mozilla\Firefox\Profiles\ako8i31g.default\extensions
[2011.06.30 10:24:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Linn\AppData\Roaming\mozilla\Firefox\Profiles\ako8i31g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.02 19:35:48 | 000,000,000 | ---D | M] () -- C:\Users\Linn\AppData\Roaming\mozilla\Firefox\Profiles\ako8i31g.default\extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}
[2011.09.02 19:39:28 | 000,002,193 | ---- | M] () -- C:\Users\Linn\AppData\Roaming\Mozilla\Firefox\Profiles\ako8i31g.default\searchplugins\soundcloud.xml
[2011.12.18 21:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.01.16 18:12:05 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
() (No name found) -- C:\USERS\LINN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AKO8I31G.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.21 18:24:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.17 20:23:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.17 20:23:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.17 20:23:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 20:23:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 20:23:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 20:23:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8A63A0E-78CE-446F-AD6E-65FCC39CDABC}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Linn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Linn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{982fc29a-833a-11de-8d9b-00030d7c0869}\Shell\AutoRun\command - "" = G:\WDSetup.exe
O33 - MountPoints2\{f0eca85f-8ef8-11de-b5ae-00030d7c0869}\Shell - "" = AutoRun
O33 - MountPoints2\{f0eca85f-8ef8-11de-b5ae-00030d7c0869}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.21 17:34:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.03.16 12:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.03.16 12:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.03.15 04:00:54 | 000,000,000 | ---D | C] -- C:\769946e7f9a82aa1253bbfd8c60881
[2012.03.05 15:11:53 | 000,000,000 | ---D | C] -- C:\Users\Linn\Desktop\Studienarbeit
[7 C:\Users\Linn\Desktop\*.tmp files -> C:\Users\Linn\Desktop\*.tmp -> ]
[1 C:\Users\Linn\Documents\*.tmp files -> C:\Users\Linn\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.27 18:28:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 18:28:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 18:22:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.27 17:57:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.27 15:57:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.27 11:31:24 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1982B7E0-9FAF-46F3-9A38-48643342316B}.job
[2012.03.26 19:49:01 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012.03.25 10:58:41 | 000,116,196 | ---- | M] () -- C:\Users\Linn\Desktop\mietschuldenfreiheit2.pdf
[2012.03.25 10:33:10 | 000,141,793 | ---- | M] () -- C:\Users\Linn\Desktop\mietschuldenfreiheit.jpg
[2012.03.25 10:12:49 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.25 10:12:49 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.25 10:12:49 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.25 10:12:48 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.23 12:03:46 | 000,000,315 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.03.23 12:03:24 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.16 12:30:37 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.03.13 11:23:57 | 000,254,102 | ---- | M] () -- C:\Users\Linn\Desktop\Imma.pdf
[7 C:\Users\Linn\Desktop\*.tmp files -> C:\Users\Linn\Desktop\*.tmp -> ]
[1 C:\Users\Linn\Documents\*.tmp files -> C:\Users\Linn\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.25 10:58:41 | 000,116,196 | ---- | C] () -- C:\Users\Linn\Desktop\mietschuldenfreiheit2.pdf
[2012.03.25 10:33:10 | 000,141,793 | ---- | C] () -- C:\Users\Linn\Desktop\mietschuldenfreiheit.jpg
[2012.03.16 12:30:37 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.03.16 12:30:37 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.03.13 11:23:57 | 000,254,102 | ---- | C] () -- C:\Users\Linn\Desktop\Imma.pdf
[2011.09.28 22:19:05 | 000,000,680 | ---- | C] () -- C:\Users\Linn\AppData\Local\d3d9caps.dat
[2010.12.29 17:53:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.12.29 17:53:21 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe

< End of report >


und der Zweite:


OTL Extras logfile created on: 27.03.2012 18:27:49 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Linn\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 43,09% Memory free
4,19 Gb Paging File | 2,60 Gb Available in Paging File | 61,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,31 Gb Total Space | 95,11 Gb Free Space | 64,56% Space Free | Partition Type: NTFS
Drive D: | 73,65 Gb Total Space | 45,18 Gb Free Space | 61,33% Space Free | Partition Type: NTFS

Computer Name: LINN-PC | User Name: Linn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AF100BC-8BF3-46CD-A4C3-0599F9179A16}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{16FDD921-D113-42DE-8AE0-6D87995DF3A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1E1C4BC8-77CE-4C57-A514-8529AC6C75EB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{229B5747-327A-4C1A-8664-9E1796FF1120}" = rport=139 | protocol=6 | dir=out | app=system |
"{2DD50525-53CA-4104-8F92-0A899E0246ED}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{3101CAA2-457D-431A-90BC-FC2DD83F5588}" = lport=138 | protocol=17 | dir=in | app=system |
"{32F57C52-A89A-45DE-BB67-EE5E82D5CFD8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3C9DAAD2-FE23-484B-A4EC-398783BF5A6B}" = lport=139 | protocol=6 | dir=in | app=system |
"{81B5C63D-D664-4403-B395-7A1A5A7448A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89897796-89A7-48E5-9BE3-10FD1535D5FF}" = lport=137 | protocol=17 | dir=in | app=system |
"{98265CCB-1C62-4FA3-8291-580DB9AE45FC}" = rport=138 | protocol=17 | dir=out | app=system |
"{A9DA33BF-229A-4DD3-B6E7-100E4998BCB8}" = rport=137 | protocol=17 | dir=out | app=system |
"{B4230DDB-916F-439A-90EE-FF8EFB00D97C}" = lport=445 | protocol=6 | dir=in | app=system |
"{D13AD40D-26D3-49F3-92F8-8A74A47F72F2}" = rport=445 | protocol=6 | dir=out | app=system |
"{DC2A4C44-6079-442F-A71C-32DF4A17A4E9}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{DEBEB6C1-3260-4153-9FDD-9505D360EA9B}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{E5D95DAF-474A-4298-AD92-DC81A603DA56}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EEAEFE75-059E-4F00-9DEA-2FB886F10DA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0548B99F-D8B5-41FB-A621-0CEB042834F4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1B6987F1-DF1C-4872-9401-1D7AB57CB215}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1E0A26E0-81A3-4B4F-8997-41A3C3054B14}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2B74E904-DB7D-44CB-B5A3-A45C1352B001}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{2BBDDDF5-6FE4-47ED-B038-62A7473D5C9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3CCB649D-954D-4462-AF4D-FC49FD636759}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{43270AAC-E4DF-41CC-A72C-3B7DEBB0C5C1}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{4CA634E4-31C7-46D1-BDF9-DBCD7936534F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{58458561-E645-4DE0-98E7-B4E3EAF96DE8}" = protocol=17 | dir=in | app=c:\program files\alice software\alicesetup.exe |
"{5BF60224-E2AC-4967-961A-36235374D840}" = dir=in | app=c:\program files\finalmediaplayer\fmpcheckforupdates.exe |
"{6FCADC4D-8E49-488B-BEFF-DEAF4BAA1F4F}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{72906EB7-4318-4DBA-94CF-6DF58DF61294}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8FEFF5D3-F1C7-4DDC-84D2-AC54C5B1D692}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{C64FBC89-501D-45A8-8258-C02D6FA82C31}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C6C2E3FC-EA92-47AE-B87A-47ED4A96874D}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{C91AA42C-AFC8-4A05-857D-05F2E9EAD471}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{C9944418-36E7-4520-91B3-8FE6DB5744D4}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{CDC8BB00-60C1-4119-8138-7EA98377C7EC}" = protocol=6 | dir=in | app=c:\program files\alice software\alicesetup.exe |
"{E4C13BEA-BAE1-49CC-9CA9-F4EA4D7088BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E583EE84-A68C-4417-BA63-E1DBD6169A3F}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{ED4C5FBF-62B4-4D18-A6C1-C54B4F242B03}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"TCP Query User{4CB88CB9-E69B-413F-A70A-F559D557CFA2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{8DB26AAB-5767-4F52-947D-0F0A7F1DD561}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9386D99A-6BFB-499A-A1E0-4C0AA8B38F3D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C0FB6B4E-F37A-4C59-9303-9D7AA284360C}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{C3025C62-94F2-42D0-8A43-BC6037C56F52}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{C7C0F56E-C80D-4425-9F21-D3EAFF2A2397}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{CF47CEE9-F024-4FEE-8FEF-C9EA57115732}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{E44C69E3-44CC-4A30-9F70-8BC256C697AD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{0C14ADF9-A975-436F-AE07-F38D04A03321}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{3CCAFA1D-8220-408F-B985-8024F3BEA6BF}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{5B1CC5F1-E4FD-44A4-BABC-BAED063CE66D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{6763BAAC-4366-4B86-A09A-EEBF4416F5DD}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{99E01778-3386-48CF-9910-772AF67D63C3}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{B1C437E2-4024-40DF-81B4-5560FB65E082}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{BCA2D872-1735-4C2B-8423-3B91AFE9CB15}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DF1DF009-36CD-4723-B758-B0D4122372E7}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E56F3AE-0DC0-46FF-8629-D6FB612D2188}" = Brother HL-2140
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alice Software" = Alice Software 4.10.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Cradle of Rome" = Cradle of Rome (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FinalMediaPlayer_is1" = Final Media Player 2011
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"IrfanView" = IrfanView (remove only)
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Switch" = Switch Sound File Converter
"Trusted Software Assistant_is1" = File Type Assistant
"Virtual Villagers" = Virtual Villagers (remove only)
"Winamp" = Winamp (remove only)
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02.05.2010 05:23:49 | Computer Name = Linn-PC | Source = WerSvc | ID = 5007
Description =

Error - 03.05.2010 09:20:12 | Computer Name = Linn-PC | Source = WerSvc | ID = 5007
Description =

Error - 04.05.2010 06:48:03 | Computer Name = Linn-PC | Source = WerSvc | ID = 5007
Description =

Error - 05.05.2010 10:03:38 | Computer Name = Linn-PC | Source = WerSvc | ID = 5007
Description =

Error - 05.05.2010 13:45:31 | Computer Name = Linn-PC | Source = WerSvc | ID = 5007
Description =

Error - 07.05.2010 03:27:37 | Computer Name = Linn-PC | Source = WerSvc | ID = 5007
Description =

Error - 07.05.2010 09:01:39 | Computer Name = Linn-PC | Source = WerSvc | ID = 5007
Description =

Error - 08.05.2010 14:59:04 | Computer Name = Linn-PC | Source = WerSvc | ID = 5007
Description =

Error - 09.05.2010 10:34:53 | Computer Name = Linn-PC | Source = WerSvc | ID = 5007
Description =

Error - 10.05.2010 14:45:56 | Computer Name = Linn-PC | Source = WerSvc | ID = 5007
Description =

[ Media Center Events ]
Error - 16.04.2008 12:47:11 | Computer Name = Linn-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.

[ System Events ]
Error - 21.03.2012 11:45:40 | Computer Name = Linn-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21.03.2012 11:47:55 | Computer Name = Linn-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.03.2012 um 16:47:01 unerwartet heruntergefahren.

Error - 21.03.2012 11:49:19 | Computer Name = Linn-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21.03.2012 11:54:15 | Computer Name = Linn-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 21.03.2012 12:04:46 | Computer Name = Linn-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.03.2012 um 17:03:49 unerwartet heruntergefahren.

Error - 21.03.2012 12:06:24 | Computer Name = Linn-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21.03.2012 12:11:30 | Computer Name = Linn-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 23.03.2012 06:05:07 | Computer Name = Linn-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26.03.2012 08:03:13 | Computer Name = Linn-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 27.03.2012 05:28:18 | Computer Name = Linn-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

Alt 27.03.2012, 18:08   #2
markusg
/// Malware-holic
 
Windows Sicherheitswarnung 50 Euro Virus - Standard

Windows Sicherheitswarnung 50 Euro Virus



hi,
dass gerät hat noch niemals windows updates gesehen?
warum nicht?
aus meiner sicht lohnt sich ne bereinigung nicht, zumal du ja noch post von der bank bekommen hast.
mit formatieren und neu aufsetzen, sind wir allein von der benötigten zeit her gesehen besser drann als mit ner analyse, den ganzen nötigen updates etc, und, da du onlinebanking machst, ist das sowieso das sicherste.
keine angst, hilfe bekommst du dabei.
1. Datenrettung:2. Formatieren, Windows neuinstallieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________

__________________

Alt 27.03.2012, 18:22   #3
linski
 
Windows Sicherheitswarnung 50 Euro Virus - Standard

Windows Sicherheitswarnung 50 Euro Virus



Hi,

Danke schon mal für die Antwort.
Ist der Virus denn noch drauf?? Oder kann man das nicht so beantworten? Ich frage nur, weil die Post von der Bank könnte ja auch auf den einen Tag zurückzuführen sein, an dem der Virus "aktiv" war. Dann habe ich ja wie ich schon gesagt habe, eine Schaddatei entfernt, dann kam die Meldung nicht mehr.

Wieso das Gerät noch niemals Windows Updates gesehen hat? Keine Ahnung! Ich dachte, Windows macht sowas automatisch?? Habe den Laptop schon seit 2007 und es war ungelogen NIE irgendwas! Ist nichtmal langsamer geworden als früher.
Wozu braucht man denn diese Updates? Hat das was mit dem Virus zu tun?

Ich würde ungern formatieren, da ich das noch nie gemacht habe. Ich glaube ich habe auch die Recovery CDs gar nicht mehr...müsste mir also ein neues Windows kaufen?? Deswegen würde ich gerne erstmal wissen, ob der Virus noch drauf ist, oder nicht!

Tut mir leid, für die Unwissenheit, aber wie gesagt, benutze den Laptop halt nur zum Arbeiten für die Uni (also eben Word) und zum Surfen....deshalb null Ahnung.

Liebe Grüße

Linski
__________________

Alt 27.03.2012, 18:26   #4
markusg
/// Malware-holic
 
Windows Sicherheitswarnung 50 Euro Virus - Standard

Windows Sicherheitswarnung 50 Euro Virus



hi, nein dabei handelt es sich um 2 verschiedene malware familien.
auch wenn wir weiter suchen, du machst onlinebanking, da muss, um sicher zu gehen neu aufgesetzt werden, wenn du nicht eines tages mit geplündertem konto da stehen willst.
windows updates sind ein schritt um infektionen zu verhindern, richtig :-)
wie heißt dein laptop genau, hersteller und typ.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Windows Sicherheitswarnung 50 Euro Virus
50 euro trojaner, antivir, avira, bho, bonjour, desktop, entfernen, error, euro, excel, firefox, flash player, hijack, hijackthis, home, iexplore.exe, install.exe, logfile, microsoft office word, plug-in, präzise, realtek, scan, searchscopes, security, security scan, sicherheitswarnung, software, svchost.exe, symantec, virus, vista, wenig ahnung, windows




Ähnliche Themen: Windows Sicherheitswarnung 50 Euro Virus


  1. 50 Euro Virus. Windows blockiert!
    Log-Analyse und Auswertung - 05.04.2012 (7)
  2. 50 Euro-Virus Windows blockiert
    Plagegeister aller Art und deren Bekämpfung - 07.03.2012 (17)
  3. 50 Euro Virus Windows blockiert
    Log-Analyse und Auswertung - 01.03.2012 (11)
  4. Windows Sicherheitswarnung mit 50 Euro Zahlungsaufforderung
    Plagegeister aller Art und deren Bekämpfung - 21.02.2012 (8)
  5. [2x] Windows-Virus 50 Euro
    Mülltonne - 18.02.2012 (2)
  6. 50 Euro - Virus Windows blockiert
    Plagegeister aller Art und deren Bekämpfung - 18.02.2012 (20)
  7. 50 euro virus windows blockiert
    Plagegeister aller Art und deren Bekämpfung - 14.02.2012 (7)
  8. 50 Euro Virus - Windows blockiert
    Plagegeister aller Art und deren Bekämpfung - 14.02.2012 (1)
  9. 50 Euro Virus auf Windows XP
    Log-Analyse und Auswertung - 13.02.2012 (19)
  10. Windows blockiert... 50 Euro virus
    Plagegeister aller Art und deren Bekämpfung - 12.02.2012 (1)
  11. 50 Euro Virus Windows gesperrt
    Log-Analyse und Auswertung - 11.02.2012 (62)
  12. Windows Upgrade für 50 Euro Virus
    Plagegeister aller Art und deren Bekämpfung - 11.02.2012 (15)
  13. Windows xp 50 euro Virus
    Plagegeister aller Art und deren Bekämpfung - 08.02.2012 (1)
  14. Windows Systemblock 50 Euro zahlen + BKA Virus 100 Euro zahlen
    Log-Analyse und Auswertung - 29.01.2012 (1)
  15. Virus Sicherheitswarnung Windows XP 50€
    Log-Analyse und Auswertung - 29.01.2012 (4)
  16. 50 euro Virus / Windows Sperrung
    Log-Analyse und Auswertung - 24.01.2012 (16)
  17. 50 Euro Virus - Windows blockiert
    Plagegeister aller Art und deren Bekämpfung - 02.01.2012 (11)

Zum Thema Windows Sicherheitswarnung 50 Euro Virus - Hallo, Ich hoffe ihr könnt mir weiterhelfen. Ich hatte vor kurzem den bereits beschriebenen Virus mit der Sicherheitswarnung und dem Blackscreen. Immer wenn ich ins Internet gegangen bin, trat der - Windows Sicherheitswarnung 50 Euro Virus...
Archiv
Du betrachtest: Windows Sicherheitswarnung 50 Euro Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.