| |
| |||||||
Log-Analyse und Auswertung: LOG-File von OTM.exeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
31.07.2012, 18:34
| #2 |
| /// Helfer-Team  |  LOG-File von OTM.exe Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
SRV:64bit: - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=131133&systemid=426&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=131133&systemid=426&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2857572
IE - HKLM\..\SearchScopes\Yandex: "URL" = http://yandex.ru/yandsearch?clid=165534&text={searchTerms}
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - No CLSID value found
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=762585d7000000000000701a04f1e377&tlver=1.4.19.19&affID=19405
IE - HKCU\..\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: "URL" = http://www.astroburn-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{99F50749-CCCA-4217-A618-1D17B9088D11}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=STC3&o=APN10175&src=crm&q={searchTerms}&locale=&apn_ptnrs=^A7U&apn_dtid=^YYYYYY^YY^DE&apn_uid=3D04515E-5751-47E0-950F-0BD0E959E2FB&apn_sauid=3BEACD5A-66A6-4990-B66C-61157593E867
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=131133&systemid=426&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb143/?search={searchTerms}&loc=IB_DS&a=6OyAK2Rhew&i=26
IE - HKCU\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/persons/?clid=165534&charset=utf-8&keywords={searchTerms}&submitted=1
IE - HKCU\..\SearchScopes\Yandex: "URL" = http://yandex.ru/yandsearch?clid=165534&text={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
FF - prefs.js..CT2269050.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Radio W Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: dmremote@westbyte.com:1.2
FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.2
FF - prefs.js..extensions.enabledItems: yasearch@yandex.ru:5.2.3
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\marina\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\marina\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.06.08 17:33:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.08 17:33:24 | 000,000,000 | ---D | M]
CHR - Extension: Browser Companion Helper = C:\Users\marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Babylon Toolbar = C:\Users\marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
Hosts file not found
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Value error. File not found
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {38542454-DFB6-44F5-B052-D4E071A3D073} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found
O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files (x86)\Gameforge4D\4Story\PrePatch.exe File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE File not found
O4 - HKLM..\Run: [HKLM] C:\install\Realtek Voice Manager.exe File not found
O4 - HKLM..\Run: [MSWUpdate] C:\Users\marina\AppData\Roaming\Microsoft\lsass.exe File not found
O4 - HKLM..\Run: [RUN32] C:\Users\marina\AppData\Roaming\mlr17.exe File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\marina\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [HKCU] C:\Users\marina\AppData\Roaming\System32\win32.exe File not found
O4 - HKCU..\Run: [MSWUpdate] C:\Users\marina\AppData\Roaming\Microsoft\lsass.exe File not found
O4 - HKCU..\Run: [Praetorian] C:\Users\marina\AppData\Local\Yandex\Updater\praetorian.exe File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [Tetatet] "C:\Users\marina\tetatet\tetatet.exe" auto File not found
O4 - HKCU..\Run: [vbc] C:\Users\marina\AppData\Roaming\sysfiles\vbc.exe File not found
O4 - HKCU..\Run: [Windows Defender] C:\Program Files (x86)\Counter-Strike Source\Counter Strike Source 2011\svxhost.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: MSWUpdate = C:\Users\marina\AppData\Roaming\Microsoft\lsass.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: MSWUpdate = C:\Users\marina\AppData\Roaming\Microsoft\lsass.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\marina\AppData\Roaming\System32\win32.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: ???????? ??? ??? ?????? Download Master - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: ???????? ??? ?????? Download Master - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: ???????? ?? ????????? ??????? DM - Reg Error: Value error. File not found
O8 - Extra context menu item: ???????? ??? ??? ?????? Download Master - Reg Error: Value error. File not found
O8 - Extra context menu item: ???????? ??? ?????? Download Master - Reg Error: Value error. File not found
O8 - Extra context menu item: ???????? ?? ????????? ??????? DM - Reg Error: Value error. File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8dbf024f-b2ed-11e1-a674-705ab6771043}\Shell - "" = AutoRun
O33 - MountPoints2\{8dbf024f-b2ed-11e1-a674-705ab6771043}\Shell\AutoRun\command - "" = G:\cdstart.exe
O33 - MountPoints2\{df8a29d8-0d3f-11e1-838b-705ab6771043}\Shell - "" = AutoRun
O33 - MountPoints2\{df8a29d8-0d3f-11e1-838b-705ab6771043}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{e2560ff0-9299-11e1-9888-705ab6771043}\Shell - "" = AutoRun
O33 - MountPoints2\{e2560ff0-9299-11e1-9888-705ab6771043}\Shell\AutoRun\command - "" = F:\Startme.exe
[2012.07.08 21:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:A31FAD21
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6020C786
@Alternate Data Stream - 1162 bytes -> C:\ProgramData\Microsoft:pvrWQEr8ED1iQDbdcabwC6
@Alternate Data Stream - 1080 bytes -> C:\ProgramData\Microsoft:fW11xZ4hg7qMzWKyHXdUGa3AsPteN
[2012.01.03 21:25:07 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\marina\AppData\Roaming\mozilla\Firefox\Profiles\0t1j40ql.default\extensions\ffxtlbr@babylon.com
[2012.07.16 07:04:15 | 000,000,921 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\conduit.xml
[2012.07.19 07:38:04 | 000,000,950 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin-1.xml
[2012.03.26 10:03:07 | 000,000,950 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin-10.xml
[2012.03.26 14:00:59 | 000,000,950 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin-11.xml
[2012.03.26 14:00:57 | 000,002,525 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\Search_Results.xml
[2012.03.26 14:00:57 | 000,002,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.04.16 21:09:38 | 000,000,950 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin-12.xml
[2012.05.04 09:10:39 | 000,000,950 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin-13.xml
[2012.06.23 12:06:04 | 000,000,950 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin-14.xml
[2011.07.12 10:06:12 | 000,000,950 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin-2.xml
[2011.09.12 20:17:48 | 000,000,950 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin-3.xml
[2011.10.15 12:38:35 | 000,000,950 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin-4.xml
[2011.11.20 12:34:15 | 000,000,950 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin-5.xml
[2011.12.10 01:46:42 | 000,000,950 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin-6.xml
[2012.01.02 21:37:34 | 000,000,950 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin-7.xml
[2012.01.08 16:26:13 | 000,000,950 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin-8.xml
[2012.02.12 12:33:50 | 000,000,950 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin-9.xml
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin.gif
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin.src
[2011.06.28 23:55:03 | 000,001,056 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\icqplugin.xml
[2012.05.03 15:45:58 | 000,002,203 | ---- | M] () -- C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\0t1j40ql.default\searchplugins\MyStart Search.xml
[2012.06.19 12:31:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.19 12:31:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.19 12:31:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 12:31:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 12:31:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 12:31:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 12:31:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
[2012.05.06 11:59:50 | 000,003,659 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.07.27 06:18:11 | 000,006,531 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.07.30 15:04:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.30 15:02:28 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.30 15:02:28 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\WashAndGo EasyClean Logon.job
[2012.07.30 14:00:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.30 13:33:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1742278700-356498611-1392683483-1000UA.job
[2012.07.30 12:58:09 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1742278700-356498611-1392683483-1009UA.job
[2012.07.27 15:58:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1742278700-356498611-1392683483-1009Core.job
[2012.07.27 07:33:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1742278700-356498611-1392683483-1000Core.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
| Themen zu LOG-File von OTM.exe |
| boot, bundespolizei, bundespolizei trojaner, daten, entfern, erwünscht, funktionier, funktioniert, guten, heute, kapersky, log-file, m.exe, persönliche, troja, trojaner, verschlüsselt, win |
Baum-Darstellung