wpbt0.dll Das angegebene Modul wurde nicht gefunden

tobs · 29.07.2012, 12:41

Guten Mittag - ein Schädling hatte sich bei mir eingenistet - Version mit Bildschirm Bundesbehörde, Webcamfenster.
Malwarebytes hat einen Übeltäter in der Datei wpbt0.dll erkannt und diese entfernt.

Der Rechner läuft seitdem stabil und ohne Probleme. Bei Einloggen erscheint jedoch die Fehlermeldung: Fehler beim Laden von c:\Dokume~\jpg\Lokale~\Temp\wpbt0.dll Das angegebene Modul wurde nicht gefunden. Diese Meldung erscheint nur beim Einloggen als User, nicht beim Admin.

Ein Komplettscan mit Malwarebytes zeigte keine infizierten Objekte an. Scanlog in angehängter Datei.

Interessant könnte ggf auch noch sein, dass das Windows Sicherheitszentrum gerne das Sicherheitsupdate für Windows XP SP3 (KB952069) installieren würde. Aber jedes mal nach dem Runterfahren mit Installation würde der Rechner es gerne nach wie vor installieren...?

Habe also die von Euch empfohlenen Schritte ausgeführt:

Code:

ATTFilter

Anleitung Schritt 1:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:12 on 29/07/2012 (root2)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

OTL logfile:

Code:

ATTFilter

OTL logfile created on: 29.07.2012 09:15:43 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Dokumente und Einstellungen\jpg\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 76,45% Memory free
3,84 Gb Paging File | 3,44 Gb Available in Paging File | 89,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 50,04 Gb Total Space | 17,67 Gb Free Space | 35,31% Space Free | Partition Type: NTFS
Drive D: | 93,00 Gb Total Space | 31,59 Gb Free Space | 33,97% Space Free | Partition Type: NTFS
 
Computer Name: HERMES | User Name: jpg | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.29 09:13:49 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jpg\Desktop\OTL.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.07 03:45:30 | 000,653,640 | ---- | M] () -- C:\Programme\Expat Shield\bin\openvpntray.exe
PRC - [2011.08.12 07:45:18 | 002,433,024 | ---- | M] () -- C:\Programme\Rainlendar2\Rainlendar2.exe
PRC - [2010.05.14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008.10.20 11:32:54 | 002,768,896 | ---- | M] () -- C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2008.10.06 19:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.05.21 17:44:30 | 000,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2008.05.20 21:02:08 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Programme\Samsung\MagicKBD\MagicKBD.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.20 21:40:30 | 000,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Programme\Samsung\Samsung EDS\EDSAgent.exe
PRC - [2006.10.23 11:16:56 | 001,122,304 | ---- | M] () -- C:\Programme\HP Wireless Printer Adapter\ConnectMgr.exe
PRC - [2006.10.04 23:51:06 | 000,618,496 | ---- | M] (3G Corp.) -- C:\Programme\HP Wireless Adapter\HPWLan.exe
PRC - [2005.05.31 22:23:24 | 000,483,328 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.07 03:45:30 | 000,653,640 | ---- | M] () -- C:\Programme\Expat Shield\bin\openvpntray.exe
MOD - [2012.01.06 20:38:32 | 000,009,544 | ---- | M] () -- C:\Programme\Expat Shield\bin\lang\gui-eng.dll
MOD - [2011.08.12 07:45:26 | 000,198,144 | ---- | M] () -- C:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2011.08.12 07:45:18 | 002,433,024 | ---- | M] () -- C:\Programme\Rainlendar2\Rainlendar2.exe
MOD - [2010.12.12 12:58:14 | 000,502,784 | ---- | M] () -- C:\Programme\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2010.12.12 12:58:00 | 000,131,584 | ---- | M] () -- C:\Programme\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2010.12.12 12:57:56 | 000,485,376 | ---- | M] () -- C:\Programme\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2010.12.12 12:57:44 | 000,707,584 | ---- | M] () -- C:\Programme\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2010.12.12 12:57:36 | 002,633,216 | ---- | M] () -- C:\Programme\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2010.12.12 12:56:46 | 001,205,760 | ---- | M] () -- C:\Programme\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2010.05.23 20:20:08 | 000,012,288 | ---- | M] () -- C:\Programme\Rainlendar2\lfs.dll
MOD - [2010.05.23 20:20:04 | 000,126,976 | ---- | M] () -- C:\Programme\Rainlendar2\lua51.dll
MOD - [2008.10.20 11:32:54 | 002,768,896 | ---- | M] () -- C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
MOD - [2008.05.02 06:15:37 | 000,010,240 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2006.10.23 11:16:56 | 001,122,304 | ---- | M] () -- C:\Programme\HP Wireless Printer Adapter\ConnectMgr.exe
MOD - [2006.09.22 17:10:46 | 000,032,768 | ---- | M] () -- C:\Programme\HP Wireless Printer Adapter\scUsb.dll
MOD - [2006.09.22 17:10:18 | 000,040,960 | ---- | M] () -- C:\Programme\HP Wireless Printer Adapter\scComm.dll
MOD - [2006.08.12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2006.05.09 15:05:44 | 000,131,072 | ---- | M] () -- C:\Programme\HP Wireless Adapter\EnumDongleLib.dll
MOD - [2005.07.12 17:34:22 | 000,045,056 | ---- | M] () -- C:\Programme\Samsung\MagicKBD\EasyBoxDll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Unknown] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Unknown] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Unknown] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.06 20:39:16 | 000,077,520 | ---- | M] () [On_Demand | Unknown] -- C:\Programme\Expat Shield\bin\EXPATTrayService.exe -- (ExpatTrayService)
SRV - [2012.01.06 20:32:46 | 000,331,608 | ---- | M] () [Auto | Unknown] -- C:\Programme\Expat Shield\bin\openvpnas.exe -- (ExpatShieldService)
SRV - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () [Auto | Unknown] -- C:\Programme\Expat Shield\bin\hsswd.exe -- (ExpatWd)
SRV - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Unknown] -- C:\Programme\Expat Shield\HssWPR\hsssrv.exe -- (ExpatSrv)
SRV - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.09.18 17:46:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Unknown] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.05.13 09:44:00 | 000,077,480 | ---- | M] () [Auto | Unknown] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.04.14 14:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Unknown] --  -- (PCIDump)
DRV - File not found [Kernel | System | Unknown] -- system32\DRIVERS\M9207BDA.sys -- (M9207)
DRV - File not found [Kernel | System | Unknown] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Unknown] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Unknown] --  -- (Changer)
DRV - File not found [Kernel | Auto | Unknown] --  -- (adfs)
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Unknown] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.11.15 20:32:42 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2011.11.15 20:32:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011.10.27 03:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ssudobex.sys -- (ssudobex)
DRV - [2011.10.27 03:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011.10.27 03:25:54 | 000,078,136 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.20 18:47:46 | 000,113,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.10.12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.09.10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.09.03 15:22:36 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Unknown] -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.09.03 15:22:34 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Unknown] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.09.03 15:22:34 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Unknown] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008.12.11 22:07:14 | 000,045,824 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\hcw17bda.sys -- (hcw17bda)
DRV - [2008.11.07 11:04:00 | 000,291,328 | ---- | M] (Marvell) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008.10.08 08:35:10 | 001,334,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008.09.23 22:23:58 | 000,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\VMC326.sys -- (VMC326)
DRV - [2008.08.27 01:35:00 | 004,753,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.27 01:29:54 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.05.02 06:15:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008.04.14 14:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.01.14 20:01:02 | 000,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006.08.16 20:03:14 | 000,010,752 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\hpnuhst.sys -- (hpnuhst)
DRV - [2006.08.16 20:03:00 | 000,037,120 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\hpnuhub.sys -- (HPNUHUB)
DRV - [2006.08.15 12:10:02 | 000,189,440 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HPL8187.SYS -- (RTLWUSB)
DRV - [2006.08.01 16:57:24 | 000,019,840 | ---- | M] (Samsung) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\SUE_PD.sys -- (SUEPD)
DRV - [2006.05.12 14:31:12 | 000,068,864 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\HPEAPPkt.sys -- (HPEAPPkt)
DRV - [2005.10.27 06:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)
DRV - [2002.10.02 10:57:12 | 000,013,532 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.telewest.co.uk:8080
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox9\components [2012.01.19 20:55:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox9\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{82328892-FD12-4FB4-80C0-A2B47EB9CCBE}: C:\Dokumente und Einstellungen\jpg\Lokale Einstellungen\Anwendungsdaten\{82328892-FD12-4FB4-80C0-A2B47EB9CCBE} [2010.09.20 23:38:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla35\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla35\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2012.01.19 20:57:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jpg\Anwendungsdaten\Mozilla\Extensions
[2012.05.04 21:24:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\jpg\Anwendungsdaten\Mozilla\Firefox\Profiles\k8ayuffx.default\extensions
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Programme\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [HPWireless] C:\Programme\HP Wireless Adapter\HPWLAN.exe (3G Corp.)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [Vidalia] "C:\Dokumente und Einstellungen\jpg\Desktop\Neuer Ordner\Vidalia Bundle\Vidalia\vidalia.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: ***.com ([domino.de] https in Vertrauenswürdige Sites)
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254487745140 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343499493781 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4267E306-751B-4EFE-A259-E7F690F4A0F6}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.dll) - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.12 13:57:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4b1ae2c4-4a45-11df-8e58-001377b77eae}\Shell - "" = AutoRun
O33 - MountPoints2\{4b1ae2c4-4a45-11df-8e58-001377b77eae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4b1ae2c4-4a45-11df-8e58-001377b77eae}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4b1ae2ca-4a45-11df-8e58-001377b77eae}\Shell - "" = AutoRun
O33 - MountPoints2\{4b1ae2ca-4a45-11df-8e58-001377b77eae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4b1ae2ca-4a45-11df-8e58-001377b77eae}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{758d18fc-08cb-11df-8e37-001377b77eae}\Shell - "" = AutoRun
O33 - MountPoints2\{758d18fc-08cb-11df-8e37-001377b77eae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{758d18fc-08cb-11df-8e37-001377b77eae}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL HLServ.exe
O33 - MountPoints2\{758d18fc-08cb-11df-8e37-001377b77eae}\Shell\open\Command - "" = F:\HLServ.exe
O33 - MountPoints2\{86a9c70d-55dc-11df-8e59-001377b77eae}\Shell - "" = AutoRun
O33 - MountPoints2\{86a9c70d-55dc-11df-8e59-001377b77eae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86a9c70d-55dc-11df-8e59-001377b77eae}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f7bafade-7063-11e1-8f26-001377b77eae}\Shell - "" = AutoRun
O33 - MountPoints2\{f7bafade-7063-11e1-8f26-001377b77eae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f7bafade-7063-11e1-8f26-001377b77eae}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.29 09:13:48 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jpg\Desktop\OTL.exe
[2012.07.28 23:24:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2012.07.28 21:14:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.07.28 20:33:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jpg\Anwendungsdaten\Avira
[2012.07.28 20:21:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.27 22:46:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.07.27 22:46:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.07.27 22:46:34 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.07.27 22:46:34 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.07.27 22:46:33 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.07.27 22:46:28 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2012.07.27 22:46:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.07.27 22:23:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2012.07.20 21:53:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jpg\Desktop\imaxel
[2012.07.16 17:34:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jpg\Anwendungsdaten\Imaxel
[2012.07.16 17:31:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jpg\Eigene Dateien\imaxel
[2012.07.03 19:48:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\jpg\Desktop\abzug
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.29 09:13:49 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\jpg\Desktop\OTL.exe
[2012.07.29 09:11:29 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\jpg\Desktop\Defogger.exe
[2012.07.29 08:47:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.29 08:47:03 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.28 20:18:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.27 22:46:50 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.07.27 22:27:50 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.27 22:23:04 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.07.27 22:17:19 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2012.07.27 21:44:31 | 000,001,594 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Windows\ctfmon.lnk
[2012.07.27 21:32:36 | 000,018,944 | ---- | M] () -- C:\Dokumente und Einstellungen\jpg\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.26 11:21:05 | 002,169,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.20 22:10:34 | 000,142,273 | ---- | M] () -- C:\Dokumente und Einstellungen\jpg\Desktop\balea.jpg
[2012.07.19 00:22:15 | 073,898,685 | ---- | M] () -- C:\Dokumente und Einstellungen\jpg\Desktop\000078409136.ixz
[2012.07.18 23:08:28 | 000,005,273 | ---- | M] () -- C:\Dokumente und Einstellungen\jpg\Desktop\Intercamp-logo.gif
[2012.07.18 23:05:16 | 000,269,553 | ---- | M] () -- C:\Dokumente und Einstellungen\jpg\Desktop\2000px-Boy_Scouts_of_America_universal_emblem.svg.png
[2012.07.18 21:05:17 | 000,322,595 | ---- | M] () -- C:\Dokumente und Einstellungen\jpg\Desktop\Clipboard01.jpg
[2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.07.16 17:34:19 | 000,000,686 | ---- | M] () -- C:\Dokumente und Einstellungen\jpg\Desktop\dm Digi Foto.lnk
[2012.07.15 21:59:23 | 000,000,275 | ---- | M] () -- C:\Dokumente und Einstellungen\jpg\Desktop\3+Phasenrente++PDF.htm
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.30 22:09:08 | 000,150,759 | ---- | M] () -- C:\Dokumente und Einstellungen\jpg\Desktop\IMG_1610.jpg
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.29 09:11:28 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Desktop\Defogger.exe
[2012.07.27 22:46:50 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.07.27 22:27:50 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.27 22:23:04 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.07.27 21:44:31 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2012.07.27 21:44:31 | 000,001,594 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Windows\ctfmon.lnk
[2012.07.20 22:10:34 | 000,142,273 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Desktop\balea.jpg
[2012.07.19 00:21:48 | 073,898,685 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Desktop\000078409136.ixz
[2012.07.18 23:08:27 | 000,005,273 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Desktop\Intercamp-logo.gif
[2012.07.18 23:05:14 | 000,269,553 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Desktop\2000px-Boy_Scouts_of_America_universal_emblem.svg.png
[2012.07.18 21:05:17 | 000,322,595 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Desktop\Clipboard01.jpg
[2012.07.16 17:34:19 | 000,000,686 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Desktop\dm Digi Foto.lnk
[2012.07.15 21:59:23 | 000,000,275 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Desktop\3+Phasenrente++PDF.htm
[2012.06.30 22:09:07 | 000,150,759 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Desktop\IMG_1610.jpg
[2012.06.18 00:03:42 | 000,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.05.13 11:21:14 | 000,018,944 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.16 20:31:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.11 18:53:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssb7mlm.dll
[2011.12.25 13:43:14 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.12.22 18:23:59 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Anwendungsdaten\$_hpcst$.hpc
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011.10.28 22:37:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mfc30.dll
[2011.07.17 10:28:22 | 000,000,091 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2011.06.07 23:13:25 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2011.05.23 20:02:54 | 000,072,080 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\g2mdlhlpx.exe
[2010.09.30 22:12:18 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.09 16:18:46 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Anwendungsdaten\winscp.rnd
[2009.09.03 00:53:45 | 000,002,119 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Anwendungsdaten\YQzcnqK5at.gif
[2009.09.03 00:53:45 | 000,000,607 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Anwendungsdaten\YQzcnqK5zn.gif
[2009.09.03 00:53:45 | 000,000,598 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\Anwendungsdaten\YQzcnqK5by.gif
[2009.08.02 19:49:20 | 000,007,803 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\.recently-used.xbel
[2009.07.29 21:18:33 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\.gtk-bookmarks
[2009.07.29 21:16:07 | 000,244,716 | ---- | C] () -- C:\Dokumente und Einstellungen\jpg\.fonts.cache-1

< End of report >

OTL extra.txt sowie gmer.text wie gewünscht in der angehängten komprimierten datei logfiles.rar.

So, bin gespannt und sehr dankbar für euren rat, wie ich die fehlermeldung wegbekomme.

Danke, Tobs

t'john · 29.07.2012, 14:39

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA) 
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME) 
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI) 
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME) 
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP) 
DRV - File not found [Kernel | System | Unknown] -- -- (PCIDump) 
DRV - File not found [Kernel | System | Unknown] -- system32\DRIVERS\M9207BDA.sys -- (M9207) 
DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc) 
DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt) 
DRV - File not found [Kernel | System | Unknown] -- -- (Changer) 
DRV - File not found [Kernel | Auto | Unknown] -- -- (adfs) 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC 
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.telewest.co.uk:8080 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) 
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. 
O4 - HKLM..\Run: [] File not found 

O4 - HKCU..\Run: [Vidalia] "C:\Dokumente und Einstellungen\jpg\Desktop\Neuer Ordner\Vidalia Bundle\Vidalia\vidalia.exe" File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.02.12 13:57:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] 
O33 - MountPoints2\{4b1ae2c4-4a45-11df-8e58-001377b77eae}\Shell - "" = AutoRun 
O33 - MountPoints2\{4b1ae2c4-4a45-11df-8e58-001377b77eae}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{4b1ae2c4-4a45-11df-8e58-001377b77eae}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{4b1ae2ca-4a45-11df-8e58-001377b77eae}\Shell - "" = AutoRun 
O33 - MountPoints2\{4b1ae2ca-4a45-11df-8e58-001377b77eae}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{4b1ae2ca-4a45-11df-8e58-001377b77eae}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{758d18fc-08cb-11df-8e37-001377b77eae}\Shell - "" = AutoRun 
O33 - MountPoints2\{758d18fc-08cb-11df-8e37-001377b77eae}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{758d18fc-08cb-11df-8e37-001377b77eae}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL HLServ.exe 
O33 - MountPoints2\{86a9c70d-55dc-11df-8e59-001377b77eae}\Shell - "" = AutoRun 
O33 - MountPoints2\{86a9c70d-55dc-11df-8e59-001377b77eae}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{86a9c70d-55dc-11df-8e59-001377b77eae}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{f7bafade-7063-11e1-8f26-001377b77eae}\Shell - "" = AutoRun 
O33 - MountPoints2\{f7bafade-7063-11e1-8f26-001377b77eae}\Shell\AutoRun - "" = Auto&Play 
O33 - MountPoints2\{f7bafade-7063-11e1-8f26-001377b77eae}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a 
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
[2012.07.27 22:17:19 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad 
[2012.07.27 21:44:31 | 000,001,594 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Windows\ctfmon.lnk 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

tobs · 29.07.2012, 19:26

guten abend - so, den test reinkopiert und ausgeführt. rechner dann runter und hochgefahren und hier das logfile:

Code:

ATTFilter

All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service M9207 stopped successfully!
Service M9207 deleted successfully!
File system32\DRIVERS\M9207BDA.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service adfs stopped successfully!
Service adfs deleted successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
File move failed. C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Vidalia not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b1ae2c4-4a45-11df-8e58-001377b77eae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b1ae2c4-4a45-11df-8e58-001377b77eae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b1ae2c4-4a45-11df-8e58-001377b77eae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b1ae2c4-4a45-11df-8e58-001377b77eae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b1ae2c4-4a45-11df-8e58-001377b77eae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b1ae2c4-4a45-11df-8e58-001377b77eae}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b1ae2ca-4a45-11df-8e58-001377b77eae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b1ae2ca-4a45-11df-8e58-001377b77eae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b1ae2ca-4a45-11df-8e58-001377b77eae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b1ae2ca-4a45-11df-8e58-001377b77eae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b1ae2ca-4a45-11df-8e58-001377b77eae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b1ae2ca-4a45-11df-8e58-001377b77eae}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{758d18fc-08cb-11df-8e37-001377b77eae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758d18fc-08cb-11df-8e37-001377b77eae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{758d18fc-08cb-11df-8e37-001377b77eae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758d18fc-08cb-11df-8e37-001377b77eae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{758d18fc-08cb-11df-8e37-001377b77eae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758d18fc-08cb-11df-8e37-001377b77eae}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL HLServ.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86a9c70d-55dc-11df-8e59-001377b77eae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86a9c70d-55dc-11df-8e59-001377b77eae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86a9c70d-55dc-11df-8e59-001377b77eae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86a9c70d-55dc-11df-8e59-001377b77eae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86a9c70d-55dc-11df-8e59-001377b77eae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86a9c70d-55dc-11df-8e59-001377b77eae}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7bafade-7063-11e1-8f26-001377b77eae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7bafade-7063-11e1-8f26-001377b77eae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7bafade-7063-11e1-8f26-001377b77eae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7bafade-7063-11e1-8f26-001377b77eae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7bafade-7063-11e1-8f26-001377b77eae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7bafade-7063-11e1-8f26-001377b77eae}\ not found.
File F:\LaunchU3.exe -a not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET43.tmp deleted successfully.
C:\WINDOWS\System32\SET4F.tmp deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad moved successfully.
C:\Dokumente und Einstellungen\All Users\Dokumente\Windows\ctfmon.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\jpg\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\jpg\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: jpg
->Temp folder emptied: 854391 bytes
->Temporary Internet Files folder emptied: 17270319 bytes
->Java cache emptied: 1270328 bytes
->FireFox cache emptied: 194389155 bytes
->Flash cache emptied: 5880 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 3655103 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: root
 
User: root2
->Temp folder emptied: 2028473 bytes
->Temporary Internet Files folder emptied: 344596 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27197677 bytes
->Opera cache emptied: 12990 bytes
->Flash cache emptied: 470 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22039639 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 257,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
 
User: jpg
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
User: root
 
User: root2
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 07292012_200714

danke schon mal für den ersten schritt der hilfe, gruss, tobs

t'john · 29.07.2012, 21:26

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

tobs · 30.07.2012, 06:49

Guten Morgen -

so, einmal gescannt und den adwcleaner ausgeführt. aber ein anderes problem ist aufgetreten, siehe unten...

erstmal den scanlog:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.29.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
root2 :: HERMES [Administrator]

29.07.2012 23:15:41
mbam-log-2012-07-29 (23-15-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 422847
Laufzeit: 3 Stunde(n), 45 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und der von adw:

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/30/2012 at 07:43:21
# Updated 20/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : root2 - HERMES
# Running from : C:\Dokumente und Einstellungen\root2\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [546 octets] - [30/07/2012 07:43:21]

########## EOF - C:\AdwCleaner[R1].txt - [673 octets] ##########

sieht für mich als laien beides ja ganz gut aus...

aber: heute nacht hat dann irgendwann avira einen schädling gefunden. als ich die details anschauen wollte, ist der rechner mit einem bluescreen abgestürzt. in den logfiles von avira ist nichts mit heutigem datum zu finden. also der fund ist nicht protokolliert.

rechner wieder hochgefahren. läuft ohne probleme. wobei das sicherheitsupdate von microsoft, siehe erster post, immer noch sich installieren will...?

liebe grüße, danke, tobs

t'john · 30.07.2012, 11:23

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

tobs · 31.07.2012, 06:07

Guten Morgen - so, adwcleaner ausgeführt. Logfile unten. Emisoft habe ich auch geladen und laufen lassen, allerdings gab es zum schluss nicht die option mit "bericht speichern" ein logfile zu erstellen. ich konnte unter "quarantäne" oder "protokoll" eine textdatei speichern, die die dateien anzeigt, die das program in quarantäne gestellt hat. gelöscht habe ich nichts (die option besteht auch garnicht

die textdateien sind ebenfalls unten.
zudem hat sich avira noch mit einem fund gemeldet, den emisoft aber nicht auf seiner liste hatte: "in der datei d:\system volume information\...\A0110213.exe wurde ein virus oder unerwünschtes program 'bds/bifrose.dtle' gefunden. der zugrif auf die datei wurde verweigert."
die datei habe ich vorerst auch nicht gelöscht, wie du bei dem anderen scanner als vorgehen beschrieben hast...

text aus AdwCleaner[S1].txt:

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/30/2012 at 20:13:50
# Updated 20/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : root2 - HERMES
# Running from : C:\Dokumente und Einstellungen\root2\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [673 octets] - [30/07/2012 20:13:29]
AdwCleaner[S1].txt - [605 octets] - [30/07/2012 20:13:50]

########## EOF - C:\AdwCleaner[S1].txt - [732 octets] ##########

emisoft: text aus quarantine_120731-064818.txt:

Code:

ATTFilter

Emsisoft Anti-Malware - Version 6.6
quarantine log

Datum	Ursprung	Vorgang	Verhalten/Infektion
31.07.2012 06:47:12	C:\Dokumente und Einstellungen\All Users\Dokumente\Server\hlp.dat	In Quarantäne gestellt	Trojan.Win32.Bamital!E2
31.07.2012 06:47:11	D:\System Volume Information\_restore{2191BAC5-CF5A-4AB9-88B7-BE4602DC833B}\RP406\A0111284.exe	In Quarantäne gestellt	Adware.Win32.ADON.AMN!E1

und emisoft text aus update_120731-065829.txt

Code:

ATTFilter

Emsisoft Anti-Malware - Version 6.6
update log

Beginn	Ende	Ergebnis	Typ
30.07.2012 20:26:17	30.07.2012 20:26:58	Update erfolgreich	Manuelles Update

danke und grüße, tobs

t'john · 31.07.2012, 09:17

Sehr gut!

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

tobs · 31.07.2012, 22:25

Guten Abend t'john -
der eset hat ein wenig länger gearbeitet, aber gerade noch rechtzeitig vor dem insbettgehen fertig geworden. unten die logdatei.
alles scheint stabil zu laufen. allerdings will windows beim runterfahren noch immer das Sicherheitsupdate für Windows XP SP3 (KB952069) installieren. der rechner macht dann auch was. scheint alles zu klappen, keine fehlermeldung. aber beim anmelden kommt wieder die meldung, dass er just jenes update machen möchte. hat das vielleicht mit irgendwelchen viren etc zu tun?
danke und gruss, tobs

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=88806b89d2681c4db5b29ad1ee46419b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-31 09:13:54
# local_time=2012-07-31 11:13:54 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 91761853 91761853 0 0
# compatibility_mode=1792 16777191 100 0 331810 331810 0 0
# compatibility_mode=8192 67108863 100 0 178 178 0 0
# scanned=215700
# found=1
# cleaned=1
# scan_time=15479
D:\privat\backups\100423\meetings\daten.iso	a variant of Win32/HackKMS.A application (deleted - quarantined)	00000000000000000000000000000000	C

t'john · 31.07.2012, 22:32

Nein mit den Viren hat das nichts zutun, wir schauen gleich danach, was da los ist.

Java aktualisieren

Deine Javaversion ist veraltet. Da einige Schaedlinge ueber Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen muessen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von SingularLabs herunter und entpacke es auf den Desktop. Nimm die Windows Binary. JavaRA ist geeignet fuer Windows Windows 9x, 2k, XP, Vista, 7. Vista und Windows 7-User muessen die Benuterkontensteuerung deaktivieren, Anleitung siehe unten.

Schliesse alle Browserfenster.
Doppelklicke die JavaRa.exe, um das Programm zu starten.
Die Sprache Deutsch auswaehlen und klicke "Select".
Klicke auf Weitere Funktionen, mache Haken bei Unnoetige JRE Dateien loeschen und Sun Download Manager loeschen.
Klicke auf Start und jeweils auf Ok/Ja und schliesse das Fenster "Additional Tasks" wieder.
Klicke auf aeltere Versionen loeschen, um alte Java-Versionen, die auf dem Rechner installiert sind, zu entfernen.
Klicke auf Ja wenn es verlangt wird. Wenn JavaRa fertig, erscheint eine Notiz, dass ein Logfile erstellt wurde, klicke OK.
Das Logfile wird im Editor geoeffnet, bitte speichern und spaeter hier posten.
Rechner neu starten.[/B]

Downloade nun die aktuelle Offline-Version von Java von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also waehrend der Installation den Haken bei der Toolbar entfernen.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

tobs · 31.07.2012, 23:56

sodele - java aktualisiert.
javara.exe ausgeführt. protokoll unten.
java von oracle runtergeladen. anweisungen konnte ich jedoch nicht ganz befolgen:
- deinstallieren der alten versionen: scheine hetzt java 7 update 5 zu haben. Java 6 update 22 erscheint noch in der systemsteuerung unter programme. allerdings hat es keine größe mehr und man kann es auch nicht anklicken oder deinstallieren...
- das java control panel sieht anders aus als in der verlinkten how to anleitung. kann darum nicht die wöchentliche frequenz einstellen...

danke und gute nacht, tobs

Code:

ATTFilter

JavaRa 1.16 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Wed Aug 01 00:27:11 2012

Found and removed: C:\Programme\Java\jre1.5.0Found and removed: C:\Dokumente und Einstellungen\root2\Anwendungsdaten\Sun\Java\jre1.6.0_15Found and removed: C:\Dokumente und Einstellungen\root2\Anwendungsdaten\Sun\Java\jre1.6.0_22Found and removed: C:\Dokumente und Einstellungen\root2\Anwendungsdaten\Sun\Java\jre1.6.0_32Found and removed: Applications\java.exeFound and removed: Applications\javaw.exeFound and removed: JavaPlugin.FamilyVersionSupportFound and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.6Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\JavaPluginFound and removed: SOFTWARE\Classes\JavaPlugin.150Found and removed: SOFTWARE\Classes\JavaPlugin.160_22Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0Found and removed: SOFTWARE\JavaSoftFound and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\JAVA_SUNFound and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062F02Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062F02Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216022FF}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150000}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.2Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.2Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5JavaRa 1.16 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Wed Aug 01 00:28:10 2012

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}------------------------------------Finished reporting.

t'john · 01.08.2012, 00:08

Sehr gut!

damit bist Du sauber und entlassen!

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html

Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
temporäre Dateien löschen.

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html

tobs · 01.08.2012, 06:32

Guten Morgen -

vielen Dank für die Nachteulenbetreuung

Klasse, dass die Schädlinge sich auf meinem Rechner nich tmehr wohl fühlen....

Könntest Du mir vielleicht noch einen Rat zum Thema des Sicherheitsupdates für Windows XP SP3 (KB952069), dass sich immer und immer wieder installiert, aber dann beim rauffahren wieder nicht da ist, geben?

Danke und einen schönen Tag, Tobs

Guten Morgen Teil 2 :

vielleicht hilft das bei der Frage von gerade eben weiter?: Der CCCleaner räumt brav auf. aber ein Registryeintrag wird gelöscht und erscheint dann gleich beim suchen wieder. Das Teil heisst: Ungenutzte Datei-Endungen {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}
Für mich sieht das natütlich nach unverständlichen Geheimtext aus. Aber vielleicht sagen Dir die Zahlen und Buchstaben ja was?
Danke, Gruss, Tobs

t'john · 01.08.2012, 14:23

Teil 1:

Versuche mal bitte: http://www.trojaner-board.de/72874-s...eparieren.html

Teil 2:

http://www.trojaner-board.de/86087-8...9-problem.html

tobs · 01.08.2012, 22:38

guten abend -

danke für die links. der registry eintrag scheint dann ja keine probleme zu machen.
sfc /scannow habe ich laufen lassen. hat sich auch bis 100% durchgekämpt. ist dann aber ohne log zum eingabeprompt zurückgesprungen. und die logdatei unter c:/windows/ gibt es nicht, bzw den ordner logs auch nicht.
gibt es ein anderes program, dass eine ähnliche funktion hat?
danke und liebe grüße, tobs

01.08.2012, 14:23	#14
t'john /// Helfer-Team	wpbt0.dll Das angegebene Modul wurde nicht gefunden Teil 1: Versuche mal bitte: http://www.trojaner-board.de/72874-s...eparieren.html Teil 2: http://www.trojaner-board.de/86087-8...9-problem.html __________________ Mfg, t'john Das TB unterstützen

wpbt0.dll Das angegebene Modul wurde nicht gefunden

Plagegeister aller Art und deren Bekämpfung: wpbt0.dll Das angegebene Modul wurde nicht gefunden