GVU Trojaner 2.07 Windows Vista

andihihi · 28.07.2012, 08:00

Guten morgen,

mich hat gestern der Trojenaer GVU 2.07 mit Webcam erwischt. Da mein Rechner schon immer mit einer "Sicherheitswarnung" startet (kann den Herausgeber von Analog Devices nicht verifizieren), die ich manuell bestätigen muss, konnte ich ohne Sperrbildschirm die Scans durchführen. Solange ich die Sicherheitswarnung ignorierte, laufen die Autostarts nicht weiter, Internet und der Rest funktionieren aber - hat es doch noch was gutes!

Habe letzte Nacht mit Malewarebytes gescannt und bin danach den Anweisungen für "alle Hilfesuchenden" gefolgt: Da ich ein 32-Bit-System habe, wollte ich auch in Schritt 3 einen Scan mit "Gmer" durchführen. Hier kommt es jedoch zu einem Systemabsturz (Windows-Fenster: Programm reagiert nicht...).

Ich hänge mal die Logs von Malewarebytes und OTL an. Was tun?

t'john · 28.07.2012, 14:30

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\tclondrv.sys -- (tclondrv) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Afc.sys -- (Afc) 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{1029735C-51AF-4E39-8DAA-E566C732424C}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://www.n-tv.de/" 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
[2010.04.13 20:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\home2@tomtom.com 
[2012.05.17 08:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions 
[2010.04.28 06:54:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} 
[2012.05.17 08:46:17 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\ich@maltegoetz.de 
[2009.09.16 21:23:47 | 000,000,000 | ---D | M] ("Naver") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com 
[2009.09.16 21:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\mozapps\extensions 
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) 
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc) 
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) 
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) 
O4 - HKLM..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence File not found 
O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" File not found 
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found 
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) 
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_07.07.2012_12-34.lnk = C:\Users\Andreas\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_07.07.2012_12-34\startup.exe () 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] 

[2012.07.27 20:57:54 | 004,503,728 | ---- | M] () -- C:\ProgramData\zak_lo0i7g.pad 

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B174FAE 

[2012.07.28 08:04:06 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.28 07:50:47 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 
[2012.07.28 07:50:47 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 
[2012.07.28 07:50:45 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

andihihi · 28.07.2012, 15:26

Danke schon mal. Ich komme erst am Dienstag wieder an den Rechner, probiere es dann sofort aus und poste das Ergebnis... Mfg

t'john · 28.07.2012, 15:28

Alles klar.

andihihi · 31.07.2012, 20:10

So, habe das Ganze nun ohne Probs durchlaufen lassen. Hier das Log-File:

Zitat:

========== OTL ==========
Service tclondrv stopped successfully!
Service tclondrv deleted successfully!
File system32\DRIVERS\tclondrv.sys not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service Afc stopped successfully!
Service Afc deleted successfully!
File system32\drivers\Afc.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1029735C-51AF-4E39-8DAA-E566C732424C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1029735C-51AF-4E39-8DAA-E566C732424C}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.n-tv.de/" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\home2@tomtom.com folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}\chrome folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66} folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\mozapps\xpinstall folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\mozapps\viewsource folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\mozapps\update folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\mozapps\shared folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\mozapps\profile folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\mozapps\plugins folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\mozapps\places folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\mozapps\passwordmgr folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\mozapps\handling folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\mozapps\extensions folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\mozapps\downloads folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\mozapps folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\help folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\global\tree folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\global\toolbar folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\global\throbber folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\global\splitter folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\global\scrollbar folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\global\radio folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\global\icons folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\global\dirListing folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\global\console folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\global\checkbox folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\global\arrow folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\global\alerts folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\global folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\communicator folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\browser\tabbrowser folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\browser\preferences folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\browser\places folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\browser\feeds folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\browser\feed folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\browser folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\ich@maltegoetz.de\defaults\preferences folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\ich@maltegoetz.de\defaults folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\ich@maltegoetz.de\chrome folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\ich@maltegoetz.de folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\firefox@tvunetworks.com\plugins folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\firefox@tvunetworks.com folder moved successfully.
C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions folder moved successfully.
Folder C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Folder C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\ich@maltegoetz.de\ not found.
Folder C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\ not found.
Folder C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\mg9lttxq.default\extensions\navertheme@nhncorp.com\chrome\mozapps\extensions\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Programme\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 deleted successfully.
C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TuneClone deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeUpdater deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesHelper deleted successfully.
C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk moved successfully.
C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE moved successfully.
C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_07.07.2012_12-34.lnk moved successfully.
C:\Users\Andreas\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_07.07.2012_12-34\startup.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Windows\System32\tmp5E9F.tmp deleted successfully.
C:\Windows\System32\tmp5F5B.tmp deleted successfully.
C:\ProgramData\zak_lo0i7g.pad moved successfully.
ADS C:\ProgramData\TEMP:0B174FAE deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Andreas\Desktop\cmd.bat deleted successfully.
C:\Users\Andreas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.55.0 log created on 07312012_210006

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012.07.31 21:02:55 | 000,003,712 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5
[2012.07.31 21:02:55 | 000,003,712 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5

Registry entries deleted on Reboot...

War´s das?

t'john · 31.07.2012, 22:26

Sehr gut!

Ich sag bescheid, wenn wir fertig sind, jetzt kommt Reinigen und Absichern.

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

andihihi · 01.08.2012, 08:19

Richtig! Wie läuft der Rechner? ;-)

Alles soweit prima: Nach dem Durchlaufen des OTL-Scripts und Neustart, musste ich Windows mit dem Product-Key neu aktivirien. Der Rest ist "symptomfrei" und niemand möchte, dass ich ihm Geld überweise, um an meine Daten und Programme zu kommen ;-) [Bei Firefox sind die Add-ons ja ziemlich komplett deaktiviert. Habe bisher nur den Flash-Player aktualisiert und wieder aktiviert... Die anderen dann später mal bei Bedarf]

Also: Hier nun das Log zum aktuellen Malewarebytes-Scan von heute nacht:

Zitat:

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.07.31.13

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Andreas :: ANDREAS-PC [Administrator]

01.08.2012 01:04:34
mbam-log-2012-08-01 (07-05-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 455818
Laufzeit: 2 Stunde(n), 46 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UUSEE_base (PUP.Uusee) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UUSEE (PUP.Uusee) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files\Common Files\uusee\uninst.exe (PUP.Uusee) -> Keine Aktion durchgeführt.
C:\Program Files\uusee\bass-plugins.exe (PUP.Uusee) -> Keine Aktion durchgeführt.
C:\Program Files\uusee\uninstuusee.exe (PUP.Uusee) -> Keine Aktion durchgeführt.
C:\Users\Andreas\Downloads\UUSee_Setup_2007_Oversea.exe (PUP.Uusee) -> Keine Aktion durchgeführt.

(Ende)

Der AdwareCleaner sagt das hier:

Zitat:

# AdwCleaner v1.703 - Logfile created 08/01/2012 at 09:16:45
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Andreas - ANDREAS-PC
# Running from : C:\Users\Andreas\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Andreas\AppData\Roaming\Desktopicon
File Found : C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Canneverbe Limited\OpenCandy
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\mg9lttxq.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1562 octets] - [01/08/2012 07:09:16]
AdwCleaner[R2].txt - [1493 octets] - [01/08/2012 09:16:45]

########## EOF - C:\AdwCleaner[R2].txt - [1621 octets] ##########

Falls wir noch eine Phase 4 brauchen, muss ich noch mal um etwas Geduld bitten: Bin schon wieder auf dem Sprung und erst am Sonntag wieder in Rechnernähe.

Dieses Forum ist wirklich supa!

Mfg Andreas

t'john · 01.08.2012, 12:36

Alles klar!

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

andihihi · 05.08.2012, 17:54

Okay, weiter geht´s!

Hier das Ergebnis der adwarecleaner-Aktion:

Zitat:

# AdwCleaner v1.703 - Logfile created 08/05/2012 at 16:02:14
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Andreas - ANDREAS-PC
# Running from : C:\Users\Andreas\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Andreas\AppData\Roaming\Desktopicon
File Deleted : C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Canneverbe Limited\OpenCandy
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\mg9lttxq.default\prefs.js

C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\mg9lttxq.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1562 octets] - [01/08/2012 07:09:16]
AdwCleaner[R2].txt - [1622 octets] - [01/08/2012 09:16:45]
AdwCleaner[S1].txt - [1673 octets] - [05/08/2012 16:02:14]

########## EOF - C:\AdwCleaner[S1].txt - [1801 octets] ##########

Und hier der Bericht des Malware-Scans mit Emsisoft Anti-Malware:

Zitat:

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 05.08.2012 16:23:16

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 05.08.2012 16:23:47

c:\program files\freerip3 gefunden: Trace.File.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> allowmultipleinstances gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autochecknewversion gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autosearchfreedb gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> beepafterrip gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> cddevice gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> converterusesfilenames gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> defaulttargetformat gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ejectafterrip gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_level gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> filenameformat gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_channels gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> encodedbypreset gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> forceaspi gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbautochoose1 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbemail gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbserver gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbtimeout gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freeripdbautosearch gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> language gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lastregreminderdate gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dx gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dy gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcx gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcy gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_bitrate gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_channels gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_mode gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_vbrquality gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writecrcs gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writeid3 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dx gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dy gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> outputpath gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyport gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxypwd gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyserver gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyuser gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> readcdtext gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regcode gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regname gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regreminderdays gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ripvolume gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runathigherpriority gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runscounter gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showfullfilename gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showsplash gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> slowspeedmode gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> uselocaldb gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> useproxy gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_channels gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_quality gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_bitspersample gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_channels gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_writeinfotags gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wmaenc_mode gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wndcloseafterrip gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writecdplayerini gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writelrcfile gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writeplaylist gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> barsize_32772 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> version gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar0 --> barid gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar1 --> barid gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#0 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#1 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#2 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> barid gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bars gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> barid gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> docking gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockbottompos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockid gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockleftpos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockrightpos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudocktoppos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatstyle gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatxpos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatypos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> xpos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> ypos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> bars gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screencx gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screency gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthconv --> n gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 0 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 1 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 2 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 3 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 4 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> n gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 0 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 1 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 2 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 3 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 4 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> n gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\freedbserverlist --> n gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> displayicon gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> displayname gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> displayversion gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: app path gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: icon group gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: setup version gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: user gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> installdate gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> installlocation gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> nomodify gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> norepair gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> publisher gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> quietuninstallstring gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> uninstallstring gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> urlinfoabout gefunden: Trace.Registry.freerip v3.0!E1
C:\Users\Andreas\Downloads\agsetup183se.exe gefunden: Adware.Win32.ADON.AMN!E1
C:\Users\Andreas\Downloads\ET_Patch_2_60.exe gefunden: PossibleThreat.Patch.ET!E2
C:\Users\Andreas\Downloads\freeripmp3-setup(1).exe gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\f33f845-4ebbb775 -> r33ea\r33ed.class gefunden: Exploit.Java.CVE-2012!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\f33f845-4ebbb775 -> r33ea\r33ea.class gefunden: Exploit.Java.CVE-2012!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\f33f845-4ebbb775 -> r33ea\r33eb.class gefunden: Exploit.Java.CVE-2012!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\f33f845-4ebbb775 -> r33ea\r33ec.class gefunden: Exploit.Java.CVE-2012!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4b211524-4f360428 -> ta\a2.class gefunden: Exploit.Java.Blacole!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4b211524-4f360428 -> ta\C.class gefunden: Exploit.Java.Blacole!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4b211524-4f360428 -> ta\ta.class gefunden: Exploit.Java.Blacole!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4b211524-4f360428 -> ta\tc.class gefunden: Exploit.Java.Blacole!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4b211524-4f360428 -> ta\tb.class gefunden: Exploit.Java.Blacole!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4b211524-4f360428 -> ta\er.class gefunden: Exploit.Java.Blacole!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\4df7eb19-6b4683ff -> giO_a\giO_b.class gefunden: Trojan.Java.Exploit!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\4df7eb19-6b4683ff -> giO_a\giO_a.class gefunden: Exploit.Java.CVE-2012-0507!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\4df7eb19-6b4683ff -> giO_a\giO_c.class gefunden: Exploit.Java.CVE-2012!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5c7b2e16-28b14a97 -> Third.class gefunden: Exploit.Java.CVE-2012!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5c7b2e16-28b14a97 -> Statics.class gefunden: Exploit.Java.CVE-2012!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5c7b2e16-28b14a97 -> Roi.class gefunden: Java.CVE!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5c7b2e16-28b14a97 -> Osia.class gefunden: Exploit.Java.CVE-2012!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5c7b2e16-28b14a97 -> Oper.class gefunden: Exploit.Java.CVE-2012!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5c7b2e16-28b14a97 -> Lopmoder.class gefunden: Java.CVE!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5c7b2e16-28b14a97 -> Leps.class gefunden: Exploit.Java.CVE-2012!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5c7b2e16-28b14a97 -> Kop.class gefunden: JAVA.Agent!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5c7b2e16-28b14a97 -> Atomic.class gefunden: Java.CVE!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5c7b2e16-28b14a97 -> s.class gefunden: JAVA.Agent!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\346c2815-33937915 -> support\IO.class gefunden: Exploit.Java.CVE-2010!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\346c2815-33937915 -> support\Pipe.class gefunden: Exploit.Java.CVE!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\346c2815-33937915 -> support\SendMail.class gefunden: Java.Exploit.CVE-2010!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\346c2815-33937915 -> support\Socket.class gefunden: Exploit.Java.CVE-2010!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\35ffda11-6655089e -> a\y.class gefunden: Exploit.Java.CVE-2011!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\37cfa60c-7f97808a -> json\Option.class gefunden: Java.Exploit.CVE-2010!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\37cfa60c-7f97808a -> json\Parser.class gefunden: Exploit.Java.Agent!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\37cfa60c-7f97808a -> json\SmartyPointer.class gefunden: Exploit.Java.Blacole!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\37cfa60c-7f97808a -> json\ThreadParser.class gefunden: Exploit.Java.Blacole!E2
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\37cfa60c-7f97808a -> json\XML.class gefunden: Exploit.Java.Blacole!E2

Gescannt 721054
Gefunden 149

Scan Ende: 05.08.2012 18:44:51
Scan Zeit: 2:21:04

mfg Andreas

t'john · 05.08.2012, 20:22

Sehr gut!

Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

andihihi · 06.08.2012, 07:47

Erledigt! Die Funde von Emsisoft-Anti-Maleware sind gelöscht und Software deinstalliert.

Das Log von ESET Online Scanner kommt hier:

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c31e68f8015a2945bef2e909f0a45ec5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-06 01:44:16
# local_time=2012-08-06 03:44:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 25335010 25335010 0 0
# compatibility_mode=5892 16776573 100 100 1177 181735332 0 0
# compatibility_mode=8192 67108863 100 0 167 167 0 0
# scanned=306255
# found=5
# cleaned=5
# scan_time=14852
C:\Users\Andreas\Downloads\FFSetup21(2).exe Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Andreas\Downloads\FFSetup21.exe.part Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Andreas\Downloads\FFSetup220(2).zip Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Andreas\Downloads\FFSetup220.zip Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Andreas\Downloads\freeripmp3-setup.exe Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Was sagst Du?

mfg Andreas

t'john · 06.08.2012, 15:22

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

andihihi · 06.08.2012, 17:43

Das hat geklappt!

(Wie) Geht es weiter?

fragt Andreas

t'john · 06.08.2012, 17:53

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

Windows XP (nur 32-bit)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte fragen.

ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
Teile uns das mit und warte auf unsere Anweisungen.

Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
Während des Laufs von Combofix nichts anderes am Computer machen!
Akzeptiere die Bedingungen (Disclaimer) mit "Ja".

Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
Bitte nicht in dieses Combofix-Fenster klicken.
Das könnte Dein System einfrieren oder hängen bleiben lassen.
Es wird ein Backup Deiner Registry erstellt.
Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

andihihi · 06.08.2012, 18:49

Das liest sich ja gefährlich, hat aber wunderbar geklappt ;-)

Hier die Log-Files:

1. C:/ComboFix.txt

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-08-05.02 - Andreas 06.08.2012  19:12:03.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.1055 [GMT 2:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder
c:\favoritevideo\InvisibleFolder\20120731120636_tongshuai120731zanting.swf
c:\favoritevideo\InvisibleFolder\20120731140557_bailianchengxian120803zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20120801172540_haoye120802zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120802095402_jilie120801zhuzt.swf
c:\favoritevideo\InvisibleFolder\20120802095729_jilie120802zhujiaobiao.swf
c:\favoritevideo\InvisibleFolder\20120802153939_youjv37wan120802zhuzta.swf
c:\favoritevideo\InvisibleFolder\20120802154026_youjv37wan120802zhuztb.swf
c:\favoritevideo\InvisibleFolder\20120803102449_shenmoxianjie120803guding1kehuduanhuanchong15.swf
c:\favoritevideo\InvisibleFolder\20120803102644_shenmoxianjie120803guding2kehuduanhuanchong15.swf
c:\favoritevideo\InvisibleFolder\20120803102816_shenmoxianjie120803guding3kehuduanhuanchong15.swf
c:\favoritevideo\InvisibleFolder\20120803105248_sanxingsiii120803zanting.swf
c:\favoritevideo\InvisibleFolder\20120803105417_sanxingsiii120803zanting.swf
c:\favoritevideo\InvisibleFolder\20120803145352_tiantang120806zhu15s.swf
c:\favoritevideo\InvisibleFolder\20120803145528_tiantang120806zanting.swf
c:\favoritevideo\InvisibleFolder\20120803153519_baiduyouxi1208045zhuhc15s.swf
c:\favoritevideo\InvisibleFolder\20120803153951_baiduyouxi120806zhuhc15s.swf
c:\favoritevideo\InvisibleFolder\20120803155606_viptiepian120803zhuhc.swf
c:\favoritevideo\InvisibleFolder\20120805215214_jilie120805zhufuceng.swf
c:\favoritevideo\InvisibleFolder\20120805221250_jilie120805zhuzt.swf
c:\favoritevideo\InvisibleFolder\20120805222033_jilie120808kehuduanjiaobiao.swf
c:\favoritevideo\InvisibleFolder\20120805222041_jilie120808kehuduanjiaobiao.swf
c:\favoritevideo\InvisibleFolder\logclient(0).dll
c:\favoritevideo\InvisibleFolder\logclient.dll
c:\favoritevideo\InvisibleFolder\peer.dll
c:\favoritevideo\InvisibleFolder\pprepair(0).dll
c:\favoritevideo\InvisibleFolder\pprepair.dll
c:\favoritevideo\InvisibleFolder\tipsbubble(0).dll
c:\favoritevideo\InvisibleFolder\tipsbubble.dll
c:\favoritevideo\InvisibleFolder\tipsclient(0).dll
c:\favoritevideo\InvisibleFolder\tipsclient.dll
c:\favoritevideo\InvisibleFolder\tipsdone(0).dll
c:\favoritevideo\InvisibleFolder\tipsdone.dll
c:\favoritevideo\InvisibleFolder\tipsstatistic(0).dll
c:\favoritevideo\InvisibleFolder\tipsstatistic.dll
c:\users\Andreas\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\17d0b152e63e6bfe81b4b19588538896\mro.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\38a10ee333cf1a9afec3f0acdf1bbebc\Scan.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\3b7106dd14676048b10bbb09a990f74c\XS.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\4461f48e31bde5c56b31b973b773de09\List.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\44727051c604ef6b79894b64d4c63832\Expat.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\7f177c338672436e01c4f0bdbcf94491\EV.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\7f2598c08178217a0e2c754f3d568f28\Byte.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\b6bd87c968599725b8ab2e5c25d3046a\API.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\b979ace6da01e63d651cce9ee2474fdc\Name.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\bc147d83c7c868eeee67082dcf55430c\File.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\bd5179a413bc0c4b82eedc22c6cab101\re.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\c344fd5536724b2af2e6453833b60203\SHA1.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\c668a322917d32a5ea22894518aa9897\Base64.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\d0bf009923f29116535c26d228271d6d\Scan.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\e2e81dd6b3e5a36f0bdae076393cc11d\icuin46.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\e2e81dd6b3e5a36f0bdae076393cc11d\icuuc46.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\e56c61f7248672819579325af3387035\POSIX.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\eb138ef0e4282611dbf485a302784646\LibYAML.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\f233f63b6654362865c7577442edb9e3\Win32.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-1228\perl514.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\4461f48e31bde5c56b31b973b773de09\List.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\93e7e3d6030f426844228042348210cf\Service.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\bd5179a413bc0c4b82eedc22c6cab101\re.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\e56c61f7248672819579325af3387035\POSIX.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\eb138ef0e4282611dbf485a302784646\LibYAML.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\f233f63b6654362865c7577442edb9e3\Win32.dll
c:\users\Andreas\AppData\Local\Temp\pdk-Andreas-3796\perl514.dll
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\vjocx.dll
c:\windows\system32\spsys.log
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-06 bis 2012-08-06  ))))))))))))))))))))))))))))))
.
.
2012-08-06 17:26 . 2012-08-06 17:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-06 16:13 . 2012-08-06 16:13	--------	d-----w-	c:\program files\Common Files\Java
2012-08-06 16:12 . 2012-08-06 16:12	--------	d-----w-	c:\program files\Oracle
2012-08-06 15:43 . 2012-07-05 20:06	772544	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-07-31 19:53 . 2012-07-31 19:53	--------	d-----w-	c:\programdata\McAfee
2012-07-31 19:00 . 2012-07-31 19:00	--------	d-----w-	C:\_OTL
2012-07-27 21:03 . 2012-07-27 21:03	--------	d-----w-	c:\users\Andreas\AppData\Roaming\Malwarebytes
2012-07-27 21:02 . 2012-07-27 21:02	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-27 21:02 . 2012-07-27 21:02	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-27 21:02 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-27 19:28 . 2012-07-27 20:26	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-07-27 19:26 . 2009-10-22 11:54	37392	----a-w-	c:\windows\system32\drivers\56752522.sys
2012-07-27 19:26 . 2009-10-09 21:31	311312	----a-w-	c:\windows\system32\drivers\5675252.sys
2012-07-27 19:26 . 2009-09-25 15:59	128016	----a-w-	c:\windows\system32\drivers\56752521.sys
2012-07-11 06:01 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 05:12 . 2012-04-23 16:00	984064	----a-w-	c:\windows\system32\crypt32.dll
2012-07-11 05:12 . 2012-04-23 16:00	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-07-11 05:12 . 2012-04-23 16:00	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-07-11 05:11 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 05:11 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 05:11 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-07-11 05:11 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-11 05:11 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2012-07-11 05:11 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 16:05 . 2012-04-04 16:58	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-05 16:05 . 2011-07-18 05:05	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 20:06 . 2010-06-10 05:21	687544	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-29 08:44 . 2012-08-05 13:55	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4571E8DB-5E13-42C2-B133-B71C2419B275}\mpengine.dll
2012-06-02 22:19 . 2012-06-08 23:25	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 23:25	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 23:25	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 23:25	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-08 23:25	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-08 23:25	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-08 23:25	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-08 23:24	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-08 23:24	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2009-10-02 18:06	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-16 18:55 . 2010-04-12 19:35	137176	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-05-16 18:55 . 2010-04-12 19:35	268952	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-05-16 18:55 . 2010-04-12 19:35	268952	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-05-08 20:01 . 2011-10-17 16:06	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 20:01 . 2011-10-17 16:06	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2009-05-13 21:55 . 2009-05-13 21:55	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-07-18 20:32 . 2011-03-24 20:54	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-25 3521464]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-25 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SoundTray"="c:\program files\Analog Devices\SoundMAX\SoundTray.exe" [2008-03-26 143360]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-03-17 1302528]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13576736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 92704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Internet.lnk - c:\program files\FRITZ!DSL\FritzDsl.exe [2009-7-27 987960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}\Icon2457326B4.exe [2011-2-5 29184]
Logitech Media Server-Taskleisten-Tool.lnk - c:\program files\Squeezebox\SqueezeTray.exe [2011-11-6 3051619]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S0 56752522;56752522 Boot Guard Driver;c:\windows\system32\DRIVERS\56752522.sys [x]
S1 56752521;56752521;c:\windows\system32\DRIVERS\56752521.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc	REG_MULTI_SZ   	vvdsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:21]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: dkjs.de\vpn
TCP: DhcpNameServer = 192.168.178.1
DPF: {3BAD8041-B0D3-4288-A088-A995F4A1E167} - hxxps://vpn.dkjs.de:8443/23d6ce1c/DrayTunnel.CAB
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\mg9lttxq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.n-tv.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKU-Default-Run-FRITZ!protect - FwebProt.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\ASUS\Six Engine\SixEngine.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FRITZ!DSL\IGDCTRL.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-06  19:36:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-06 17:36
.
Vor Suchlauf: 14 Verzeichnis(se), 875.603.312.640 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 875.572.760.576 Bytes frei
.
- - End Of File - - 8723E0586AB33AC349BC7CBB3C9E89DC

--- --- ---

2. Add-Remove Programms:

Zitat:

Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
AAC Decoder
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader X (10.1.0) - Deutsch
Adobe Shockwave Player 11.5
Amazon MP3-Downloader 1.0.9
Any Video Converter 3.1.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AudibleManager
Audiograbber 1.83 SE
Audiograbber Lame-MP3-Plugin
AutoUpdate
Avira Free Antivirus
AVM FRITZ!Box Dokumentation
AVM FRITZ!Box Druckeranschluss
AVM FRITZ!DSL
AVS Audio Editor version 5.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Big Pizza Ski Challenge 11
Bonjour
CDBurnerXP
Classic Silver Drivers
CutePDF Writer 2.7
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DrayTek Smart VPN Client
F1 2010
FileZilla Client 3.5.3
FireArc Arcade
FormatFactory 2.10
Google Earth
Google Update Helper
H.264 Decoder
HijackThis 2.0.2
Host OpenAL (ADI)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iPhone-Konfigurationsprogramm
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Logitech Media Server 7.7.2
Logitech Vid HD
Malwarebytes Anti-Malware Version 1.62.0.1300
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Reader
Microsoft Reader Text-to-Speech deutsch
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MKV Splitter
Mozilla Firefox 14.0.1 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird (3.1.7)
Mp3tag v2.44
MSVC80_x86
Nokia Connectivity Cable Driver
NVIDIA Drivers
NVIDIA PhysX v8.08.01
ODF Add-In für Microsoft Office
OpenAL
PC Connectivity Solution
PDF Settings CS5
Prish Image Resizer
PunkBuster Services
PxMergeModule
QuickTime
Rapture3D 2.4.4 Game
Real Alternative 2.0.1
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Sauerbraten
SDP Downloader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Six Engine
Ski Challenge 12 (DE)
Skype™ 5.5
SopCast 3.0.3
SoundMAX
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
TVUPlayer 2.5.3.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
VC80CRTRedist - 8.0.50727.762
VLC media player 1.0.0
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
WinRAR
Wolfenstein - Enemy Territory
xrecode II 1.0.0.158
Yahoo! BrowserPlus 2.8.1
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zattoo 3.3.4 Beta
Zattoo4 4.0.5

mfg Andreas

28.07.2012, 15:28	#4
t'john /// Helfer-Team	GVU Trojaner 2.07 Windows Vista Alles klar. __________________ Mfg, t'john Das TB unterstützen

GVU Trojaner 2.07 Windows Vista

Log-Analyse und Auswertung: GVU Trojaner 2.07 Windows Vista