Bundespolizei Trojaner (Otl bereits heruntergeladen)

Gurkendieb · 05.07.2012, 18:10

Hallo wie schon im Titel habe ich mir den Bundespolizei Trojaner eingefangen der mich auffordert 100 Euro zu bezahlen. Den Otl scan habe ich jetzt schon durchgeführt hier das Ergebnis.

Vielen dank schonmal

Hier das Otl.txt log
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 05.07.2012 19:37:43 - Run 2
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\silvio\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 6,99 Gb Available Physical Memory | 88,94% Memory free
15,71 Gb Paging File | 14,86 Gb Available in Paging File | 94,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,69 Gb Total Space | 31,45 Gb Free Space | 32,86% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 615,26 Gb Free Space | 88,07% Space Free | Partition Type: NTFS
 
Computer Name: SILVIO-PC | User Name: silvio | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.05 18:18:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\silvio\Desktop\24960-OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.12.06 18:25:40 | 000,161,168 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011.12.06 18:16:02 | 000,208,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011.12.06 18:15:46 | 000,199,272 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.05.24 17:03:40 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.01.28 03:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011.01.28 03:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011.01.28 03:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011.01.28 03:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011.01.28 03:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011.01.28 03:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011.01.28 03:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011.01.28 03:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.06.21 22:13:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.18 21:56:16 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.05 10:18:13 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.08.02 11:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011.07.01 04:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.06.21 21:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011.06.07 12:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.05.12 16:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.04.24 03:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011.04.22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011.03.29 06:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.18 01:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS)
SRV - [2011.03.09 02:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV - [2011.02.01 23:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.01 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.01.13 03:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.11.29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011.10.15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011.10.15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011.10.15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011.10.15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011.10.15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011.10.15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011.10.15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011.08.12 09:58:00 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011.08.12 09:58:00 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011.08.12 09:58:00 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.07.14 07:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.14 07:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.06.08 18:36:14 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.05.24 18:26:58 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.24 16:25:44 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.15 05:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.10 06:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011.03.10 06:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011.02.10 08:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 08:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.11.29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.27 09:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.07.29 15:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.07.20 11:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.24 01:54:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.01.04 20:21:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 22:13:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 22:13:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.03 12:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\silvio\AppData\Roaming\mozilla\Extensions
[2012.05.02 14:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\silvio\AppData\Roaming\mozilla\Firefox\Profiles\082w1d3s.default\extensions
[2012.03.07 09:19:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.01.04 20:21:05 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.06.21 22:13:19 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.21 22:13:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.21 22:13:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.21 22:13:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 22:13:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 22:13:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 22:13:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120104171315.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120104171315.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [fedja] C:\Users\silvio\AppData\Local\Temp\roper0dun.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0730AD25-3A7B-4D3A-8F9D-EE550B2B4784}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{355EB1B9-EC59-4B22-BBC6-4E96DD510069}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8846EFD1-1E58-4843-8247-C16EF2478C7E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.05 19:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.07.05 19:15:24 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{4B87CC40-C863-4695-A31B-703BD8D41E1B}
[2012.07.05 19:15:12 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{4CE442B7-AE2B-4A16-AE74-7A56BCEFB0AE}
[2012.07.05 18:33:28 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Roaming\Malwarebytes
[2012.07.05 18:33:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.05 18:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.05 18:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.05 18:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.05 18:18:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\silvio\Desktop\24960-OTL.exe
[2012.07.05 18:10:32 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{C72D3C5A-931B-4CB1-B1AE-532C94360122}
[2012.07.05 18:07:09 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{801CF689-8CD5-4C3A-8D30-AA21B4AB7618}
[2012.07.05 18:06:56 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{D4F2DCF9-548A-45B8-82B2-C7EA1B860176}
[2012.07.05 17:29:46 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{9626693C-0163-4CAC-8051-2556A90CB397}
[2012.07.05 17:29:33 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{717B0195-0178-4A6E-87B8-5F6213DE2DC1}
[2012.07.05 16:58:29 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{76D8C855-E2CF-4139-8747-71E85FA195F8}
[2012.07.05 16:58:15 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{E5694584-83D7-4995-85F1-F298EAC44D8F}
[2012.07.05 11:52:43 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{85D231EA-3196-4409-965A-304A9FAF344A}
[2012.07.05 11:52:30 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{43151C3E-C5DA-403F-B1FB-6E4B5B3D7D26}
[2012.07.04 12:10:07 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{2AE1EEBF-8854-4F51-9076-EB56CCDC6E54}
[2012.07.04 12:09:54 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{46FC0F4A-BC18-47DC-A6D5-151278AFA119}
[2012.07.04 05:59:41 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{6AF6838D-0993-4477-8D6E-FF2A1A7D2F4E}
[2012.07.04 05:59:26 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{1D1AB750-BB5B-4EFB-AD8C-5AB110632CDB}
[2012.07.03 10:07:33 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{168615DB-86E8-4710-A99F-54DDEB848C24}
[2012.07.03 10:07:21 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{73E65CDD-2454-4312-842A-8FB0A305ACAF}
[2012.07.03 06:25:15 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{F91BD6B1-A722-4222-AEB4-DF6D0CB93C62}
[2012.07.03 06:25:02 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{2A5CBDC1-DD0A-4A13-A897-959616367030}
[2012.07.02 20:38:17 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Roaming\Skype
[2012.07.02 14:29:04 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{E572318E-5BDD-4A7F-BE1D-43245ECBCD31}
[2012.07.02 14:28:53 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{EEDAD006-3711-4698-840F-FF754DE43D8A}
[2012.07.02 06:11:18 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{C7A88208-8542-4180-B4A7-6440C84F26E6}
[2012.07.02 06:11:06 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{0188A3EC-DA78-41D3-B1D9-D7BE411E0FA9}
[2012.07.02 00:51:06 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{78904055-222E-47CD-A0C8-26407ED71294}
[2012.07.02 00:50:52 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{2090C3F8-851A-455B-A0EF-09EF5971566D}
[2012.07.01 15:48:34 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{9E8E013A-0D63-4AFB-9A6A-91E0015033DC}
[2012.07.01 15:48:23 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{6685AF1C-D7DB-42F4-B8FE-C1C08BA6CA20}
[2012.06.30 12:11:58 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{7F675E47-B81A-4302-B1B6-00FD9B38FFD4}
[2012.06.30 10:33:50 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{0D855CE6-A8EA-490D-AFCA-22E61ACD94DA}
[2012.06.30 10:33:34 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{57E65F9C-1F2D-44FC-B2A4-EB7AAD7F2B58}
[2012.06.29 20:51:16 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{C36419A8-1671-443D-8E59-6201397CF839}
[2012.06.29 20:51:03 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{5683BD62-DF53-4A09-BD7D-77D1A72A3A18}
[2012.06.29 13:50:53 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{81F0AD1F-5956-4697-88BD-1173DC28C391}
[2012.06.29 13:50:06 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{8C9025E1-A6D0-4468-A44A-5554AE6E8134}
[2012.06.29 09:20:35 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{E3B0958A-4245-4B9B-9291-61F7FFECD2AD}
[2012.06.29 09:20:21 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{5D4FB39B-9F9C-4CF9-A147-EBFFBA286554}
[2012.06.29 01:54:20 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{492FB492-9243-4319-9420-E2B321FAC27A}
[2012.06.29 01:54:09 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{E95BDFC2-A2CD-4E75-BFF2-09E6C8FF0D79}
[2012.06.28 11:23:39 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{013CED27-1901-4AA1-BF6E-46CFF21103AD}
[2012.06.28 11:19:17 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{211063DF-B587-480D-80E6-8803A720C96D}
[2012.06.27 10:27:21 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{848848C2-EF78-4118-9926-75595F6B0F46}
[2012.06.27 10:27:09 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{BDCE70EC-9ECB-4AAB-9D21-C64C4170C1D7}
[2012.06.26 09:48:47 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{D54B1F40-838A-4F56-933F-CA441843BE03}
[2012.06.26 09:48:35 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{5E58A023-A282-4840-8FE1-117C18CC6288}
[2012.06.25 18:21:16 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{4E4F54EF-D80C-423F-BB0C-E898E8CD68D8}
[2012.06.25 18:21:05 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{3FD55DFF-1528-474A-B97A-C0BE42217320}
[2012.06.25 16:25:29 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{75E026F6-BF2F-4F5F-BA55-10C65E389F02}
[2012.06.25 16:25:03 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{FB69D854-3C84-4C40-9CFB-AF1CDF0B96C1}
[2012.06.25 16:22:57 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{6AAD1B5B-7845-44BE-B909-8F56104FC7FB}
[2012.06.25 08:51:53 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{C2B4A371-18C1-4175-BDA6-A526A18C37FB}
[2012.06.25 08:51:12 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{64C8EEBD-17B0-4229-945A-76CB1693DEB3}
[2012.06.25 08:47:18 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{B91EC736-2FF9-43CF-B8B8-9EA08E3D7EA1}
[2012.06.25 08:44:37 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{8DCAA2EF-575B-4E11-951F-F1A15B30D298}
[2012.06.24 10:53:05 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{D4323261-CB31-4AD9-9C38-E3AE5BED2E02}
[2012.06.24 10:52:25 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{FC9E1F46-C30F-40CB-AD30-9DB9178B7D74}
[2012.06.23 18:08:00 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{F818E30F-FC65-419F-811E-9752D58390B0}
[2012.06.23 18:07:38 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{DB5AE05D-5712-4A55-83BF-FFA97142CC85}
[2012.06.23 09:55:12 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{BD0C4284-556C-448B-8BE5-C8F2DD2FFB1F}
[2012.06.23 09:51:18 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{D44CA3A3-998C-4C88-9B97-A8F6E03B863E}
[2012.06.23 02:06:33 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{342CD786-C4D3-4304-BE37-58E24EE72068}
[2012.06.22 14:06:33 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{98D78DD1-CDCF-459D-91AB-B0F688E6F07D}
[2012.06.22 14:02:39 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{3A886A2E-BF60-4F7A-9D85-CA5B8ABC5215}
[2012.06.22 07:19:31 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{A16D805F-9FA7-41A9-97F3-3A71DAB728FC}
[2012.06.22 07:19:19 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{B2995BB0-60F5-4A58-B66B-DE8819A21D41}
[2012.06.21 19:12:05 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{F822EF98-F161-4E16-BD65-67A8F1793DEB}
[2012.06.21 19:11:51 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{71CC45A2-76A3-409E-B130-5B209606E140}
[2012.06.21 10:37:00 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{D8BDAA92-4A8B-46C4-B808-C61D1E6F14F4}
[2012.06.21 10:36:48 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{AFA28270-B2D9-403F-BE77-9514F7E09641}
[2012.06.20 22:12:56 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{802020CC-9765-439A-8396-64492DBFD322}
[2012.06.20 22:12:42 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{62D4F96F-36FC-4D3F-A706-46E8237E6770}
[2012.06.20 09:59:24 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{76B1954E-E7FF-4DAA-9AB5-6FCE35C51244}
[2012.06.20 09:59:13 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{DF6E145E-3A61-40CD-843F-6780CA92F327}
[2012.06.19 11:45:23 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{27C085DA-2685-43B9-9C05-F639DF565087}
[2012.06.19 11:45:01 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{1FCDA091-1133-4A77-AA91-256B94CFA4A5}
[2012.06.18 10:04:45 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{7A7C675C-D163-4AFA-B5FB-DFD22B9E6942}
[2012.06.18 00:17:15 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{004AE354-0D30-4E50-9790-3515D80F6DF8}
[2012.06.16 08:58:31 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{3CD61877-C0B4-4FD1-9978-1F9400E6CC38}
[2012.06.15 20:06:40 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{385A89B8-E744-4BAA-A6FA-59A83184C50C}
[2012.06.13 15:12:19 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{38DD4B8E-80FB-42CC-8D0A-6AFC2AB94A68}
[2012.06.13 15:12:06 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{2D025FC9-C8FF-4A41-91C1-97D8909A822F}
[2012.06.12 13:32:31 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{A7C91F6B-D433-4D04-864D-1A3F86E9B5D0}
[2012.06.12 13:32:19 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{A25C3E51-5FA1-4BC1-9E5A-0341FDF8358D}
[2012.06.12 07:46:37 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{DCA0E3CF-273D-4555-826F-C2619B7F620C}
[2012.06.12 07:46:25 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{6175856A-4A58-4BED-B9E1-E417950768E6}
[2012.06.11 06:17:45 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{8E30F73C-062F-4D91-97EA-EDDA376C68BB}
[2012.06.11 06:17:33 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{522BAB42-3F84-48D2-8E63-F99810F13971}
[2012.06.10 22:59:02 | 000,000,000 | ---D | C] -- C:\Users\silvio\AppData\Local\{5ED1845C-261D-4D6C-8C36-0DC2823739F6}
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.05 19:34:05 | 000,000,000 | ---- | M] () -- C:\Users\silvio\defogger_reenable
[2012.07.05 19:32:56 | 000,050,477 | ---- | M] () -- C:\Users\silvio\Desktop\Defogger.exe
[2012.07.05 19:23:31 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2012.07.05 19:20:39 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.05 19:20:39 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.05 19:20:39 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.05 19:20:39 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.05 19:20:39 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.05 19:16:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.05 19:16:27 | 2030,981,119 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.05 18:33:24 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.05 18:18:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\silvio\Desktop\24960-OTL.exe
[2012.07.05 18:12:44 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 18:12:44 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 20:38:16 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.14 03:21:22 | 000,271,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 15:13:07 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.05 19:34:05 | 000,000,000 | ---- | C] () -- C:\Users\silvio\defogger_reenable
[2012.07.05 19:32:56 | 000,050,477 | ---- | C] () -- C:\Users\silvio\Desktop\Defogger.exe
[2012.07.05 18:33:24 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.18 19:22:42 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2012.05.18 18:09:26 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.18 18:09:26 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.01 17:17:29 | 000,000,122 | ---- | C] () -- C:\Windows\WinInit.Ini
[2012.01.17 00:29:15 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.01.03 13:36:42 | 000,007,605 | ---- | C] () -- C:\Users\silvio\AppData\Local\Resmon.ResmonCfg
[2011.10.05 10:02:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.05 09:59:54 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.08.12 10:02:48 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.12 10:02:48 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.12 10:02:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.12 10:02:47 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.08.12 10:02:47 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.12 10:02:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== LOP Check ==========
 
[2012.05.18 17:39:42 | 000,000,000 | ---D | M] -- C:\Users\silvio\AppData\Roaming\Origin
[2012.01.03 12:01:06 | 000,000,000 | ---D | M] -- C:\Users\silvio\AppData\Roaming\Screensaver
[2012.04.26 19:07:28 | 000,000,000 | ---D | M] -- C:\Users\silvio\AppData\Roaming\TS3Client
[2012.04.03 12:15:36 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

cosinus · 09.07.2012, 14:42

Zitat:

Boot Mode: SafeMode with Networking |

Wenn dieser Modus funktioniert, kannst du erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Gurkendieb · 10.07.2012, 15:12

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.10.05

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
silvio :: SILVIO-PC [Administrator]

Schutz: Deaktiviert

10.07.2012 12:47:12
mbam-log-2012-07-10 (12-47-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 362117
Laufzeit: 11 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fedja (Trojan.Agent) -> Daten: C:\Users\silvio\AppData\Local\Temp\roper0dun.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\silvio\AppData\Local\Temp\roper0dun.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Und hier noch das ESET Scanlog

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1d4e0856c3cc804ea4e9e9f66ecad9e1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-10 03:03:23
# local_time=2012-07-10 05:03:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777214 100 75 15197685 42389110 0 0
# compatibility_mode=5893 16776574 100 94 24092651 93559916 0 0
# compatibility_mode=8192 67108863 100 0 12771 12771 0 0
# scanned=144474
# found=14
# cleaned=0
# scan_time=2558
C:\Users\silvio\AppData\Local\Mozilla\Firefox\Profiles\082w1d3s.default\Cache\8\95\BFC7Fd01	JS/Exploit.Pdfka.PJV trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\silvio\AppData\Local\Temp\jar_cache1104863678107338523.tmp	probably a variant of Java/Exploit.CVE-2010-0840.AQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\silvio\AppData\Local\Temp\jar_cache3145694879495504762.tmp	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\silvio\AppData\Local\Temp\jar_cache4838378570480017775.tmp	probably a variant of Java/Exploit.CVE-2010-0840.AQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\silvio\AppData\Local\Temp\jar_cache7435043319375936147.tmp	a variant of Java/Exploit.CVE-2010-0840.AQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\silvio\AppData\Local\Temp\jar_cache8618512521884181150.tmp	Java/Exploit.CVE-2012-0507.O trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\silvio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7976ca0b-39633ee8	Java/Exploit.CVE-2011-3544.BA trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\silvio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\2b907311-692cc48f	a variant of Java/Exploit.CVE-2012-0507.CC trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\silvio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\724b84d1-5882896a	Java/Exploit.Agent.NBE trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\silvio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1da7239e-2932f0c8	a variant of Java/Exploit.CVE-2012-0507.BZ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\silvio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6bfdef27-468b8445	a variant of Java/Exploit.CVE-2012-0507.BZ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\silvio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2e9bdf30-643a48bb	Java/Exploit.CVE-2012-0507.W trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\silvio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\408225f7-79b3ff4a	Java/Exploit.CVE-2011-3544.BA trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\silvio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\3e5bfbfe-6f00da80	Java/Exploit.CVE-2012-0507.CS trojan (unable to clean)	00000000000000000000000000000000	I

cosinus · 10.07.2012, 20:29

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Gurkendieb · 11.07.2012, 08:53

Ja geht wieder alles Normal und außer der Autostart Ordner ist keiner leer. Da weiss ich allerdings auch nicht ob da vorher was drin war.

cosinus · 11.07.2012, 12:00

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Gurkendieb · 16.07.2012, 07:49

Code:

ATTFilter

# AdwCleaner v1.701 - Logfile created 07/16/2012 at 08:49:17
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : silvio - SILVIO-PC
# Running from : C:\Users\silvio\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\silvio\AppData\Roaming\OpenCandy

***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\silvio\AppData\Roaming\Mozilla\Firefox\Profiles\082w1d3s.default\prefs.js

[OK] File is clean.

Profile name : default 
File : C:\Users\Gurkendieb\AppData\Roaming\Mozilla\Firefox\Profiles\ic1pv9nr.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [911 octets] - [16/07/2012 08:49:17]

########## EOF - C:\AdwCleaner[R1].txt - [1038 octets] ##########

cosinus · 16.07.2012, 16:06

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

10.07.2012, 20:29	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei Trojaner (Otl bereits heruntergeladen) Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

Bundespolizei Trojaner (Otl bereits heruntergeladen)

Plagegeister aller Art und deren Bekämpfung: Bundespolizei Trojaner (Otl bereits heruntergeladen)