
Log Analysis and Evaluation: Bundespolizei Trojan

17.08.2012, 14:05   #1
Tinschen1

Bundespolizei Trojan

Hello,
it got me just like many others. Yesterday my screen changed and then it said that my laptop had been locked because of a security check. I have already read a bit here and am now hoping for support and help. I am a bit desperate and at a loss.

I hope you can help me!

I ran the Malwarebytes software and this is what came out:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.05

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.6002.18005
Icke :: TINA-PC [administrator]

Protection: Disabled

17.08.2012 15:08:38
mbam-log-2012-08-17 (15-08-38).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 398359
Time elapsed: 1 hour(s), 12 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ntmeuzdendlkora (Trojan.Ransom) -> Data: C:\ProgramData\ntmeuzde.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Icke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1X446OUJ\PDFCreator_Stub_5874[1].exe (PUP.Adware.Agent) -> No action taken.
C:\ProgramData\ntmeuzde.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Users\Icke\0.5339669088365301.exe (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)

OTL Logfile:
Code:
OTL logfile created on: 17.08.2012 16:32:27 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Icke\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,47 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 57,74% Memory free
5,17 Gb Paging File | 4,37 Gb Available in Paging File | 84,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 39,63 Gb Free Space | 27,51% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 91,53 Gb Free Space | 65,15% Space Free | Partition Type: NTFS
 
Computer Name: TINA-PC | User Name: Icke | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Icke\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\ViewerPS.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\ACER\Mobility Center\MobilityService.exe ()
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (a7alu80y) --  File not found
DRV - (rldpvaes) -- C:\Windows\System32\drivers\nphby.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DiWan) -- C:\Windows\System32\drivers\DISDN\Diwan.sys (Eicon Technology)
DRV - (DiMaint) -- C:\Windows\System32\drivers\DISDN\dimaint.sys (Eicon Technology)
DRV - (DiCapi) -- C:\Windows\System32\drivers\DISDN\capi202k.sys (Eicon Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Icke\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Icke\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Icke\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Icke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 07:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.20 16:11:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 07:18:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.20 16:11:29 | 000,000,000 | ---D | M]
 
[2008.09.24 17:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\Extensions
[2011.04.11 14:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\dixslq37.default\extensions
[2011.04.11 14:27:46 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\dixslq37.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.08.14 12:46:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\k1d3xd16.default\extensions
[2010.09.18 10:52:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\k1d3xd16.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.26 11:21:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\k1d3xd16.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.04.07 08:44:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\k1d3xd16.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.23 17:22:18 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\k1d3xd16.default\extensions\2020Player_IKEA@2020Technologies.com
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\dixslq37.default\searchplugins\icqplugin.xml
[2012.01.08 09:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.19 22:48:48 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.14 16:40:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.20 07:18:06 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.20 16:10:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.21 07:30:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.21 07:30:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.21 07:30:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 07:30:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 07:30:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 07:30:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll File not found
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Icke\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44A842EA-A6DE-460D-A267-709A7954EEF6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6DBB13E-27FC-49B0-93DC-DF128AFAE313}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.17 16:29:37 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe
[2012.08.17 15:07:24 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.17 10:50:37 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Roaming\Malwarebytes
[2012.08.17 10:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.17 10:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.17 10:50:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.17 10:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.16 22:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ueskigvqneqbbjh
[2012.08.16 00:23:48 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.15 08:05:48 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.08.15 08:05:48 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.08.15 08:05:47 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.08.15 08:05:47 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.08.15 08:05:47 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.15 08:05:46 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.15 08:05:46 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.15 08:05:45 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.15 08:05:44 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.08.14 12:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2012.08.14 12:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2012.08.14 12:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.08.14 12:45:02 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Roaming\pdfforge
[2012.08.14 12:44:58 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2012.08.14 12:44:58 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2012.08.14 12:44:58 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.08.14 12:44:56 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2012.08.14 12:44:56 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2012.08.14 12:44:56 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2012.08.14 12:44:56 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2012.08.14 12:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.08.09 10:03:11 | 000,000,000 | ---D | C] -- C:\Users\Icke\Desktop\dessau vom 3-9.08.12
[2 C:\Users\Icke\Documents\*.tmp files -> C:\Users\Icke\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.17 16:29:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe
[2012.08.17 16:22:50 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\nphby.sys
[2012.08.17 15:08:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.17 15:00:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.17 10:50:31 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.16 22:24:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.08.16 22:23:29 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.16 22:22:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.16 22:22:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.16 22:19:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.16 22:14:09 | 000,000,051 | ---- | M] () -- C:\ProgramData\twwjhhxdrtpukcp
[2012.08.16 20:49:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3964052105-1468430595-4155204716-1000UA.job
[2012.08.16 11:50:01 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.08.16 10:18:02 | 000,381,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.16 00:11:59 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3964052105-1468430595-4155204716-1000Core.job
[2012.08.14 12:45:20 | 000,000,213 | ---- | M] () -- C:\Users\Icke\Desktop\SweetPcFix.url
[2012.08.14 12:45:05 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.08.14 12:45:04 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.08.12 19:11:07 | 000,006,944 | ---- | M] () -- C:\Users\Icke\AppData\Local\d3d9caps.dat
[2 C:\Users\Icke\Documents\*.tmp files -> C:\Users\Icke\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.17 16:22:50 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\nphby.sys
[2012.08.17 10:50:31 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.16 22:02:24 | 000,000,051 | ---- | C] () -- C:\ProgramData\twwjhhxdrtpukcp
[2012.08.14 12:45:20 | 000,000,213 | ---- | C] () -- C:\Users\Icke\Desktop\SweetPcFix.url
[2012.08.14 12:45:05 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.08.14 12:45:04 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.06.06 17:12:37 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.11.03 01:19:11 | 000,008,156 | -HS- | C] () -- C:\Users\Icke\AlbumArt_{5BC4D910-F398-4718-90F8-E4A4A4F50E24}_Large.jpg
[2010.11.03 01:19:11 | 000,001,969 | -HS- | C] () -- C:\Users\Icke\AlbumArt_{5BC4D910-F398-4718-90F8-E4A4A4F50E24}_Small.jpg
[2010.10.31 23:45:47 | 000,008,156 | -HS- | C] () -- C:\Users\Icke\Folder.jpg
[2010.10.31 23:45:47 | 000,001,969 | -HS- | C] () -- C:\Users\Icke\AlbumArtSmall.jpg
[2009.12.02 11:22:55 | 004,356,570 | ---- | C] () -- C:\Users\Icke\Walls.mp3
[2008.10.29 09:34:43 | 000,006,944 | ---- | C] () -- C:\Users\Icke\AppData\Local\d3d9caps.dat
[2008.09.20 18:44:34 | 000,001,024 | ---- | C] () -- C:\Users\Icke\.rnd
[2008.09.20 14:16:12 | 000,101,888 | ---- | C] () -- C:\Users\Icke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:30C46519
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:E6C58E14
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:7F66BF58
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DCDE7C60
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:B894C266
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:ABA71843
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:CF2C26D2
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0651F96C
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:765C6A14
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:2FF4577A
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:D88D995C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:D05E7A8B
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:940ECC98
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:26EE282C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:41C283B2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0AE8FC60
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:F878F14A
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:13B137AF
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:ED45A20F
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:B652B720
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:9B0F9E15
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:3F22DA14
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:E55CE2D1
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:C40E212B
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:426796C0
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:860D9052
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:9446E8B9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:5A173E50
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:550179F5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:50A11A00
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:05816AFA
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:EB603FE4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:F50F1555
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:2FAFBD6A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0EE601C7
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:CF5C4195
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:9AB338B9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8DB5ACDD
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:79F970BE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:F65733F1
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E33D6212
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:8BB2EE92
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:62197B73
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:8F7ECF6A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:8DD623B3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0D31DA45
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:FA8B212D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:E71141D2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:994AEA06
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:87FA5E8A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:77846FFE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:7091055F
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E89EDC52
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:580E04D8
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4B49E3BC
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:20451762
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8AB6C1D7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0A73A758
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:D26DD363
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:369A9F46
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:273A8657
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:C0A4F645
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:F951183D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:8C458D50
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:72E546C1
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7079A696
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:1C9565AC
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:7C8950EF
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:4E903DEB
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:567AC0A6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:A696643D
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:8FBE0E9C
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:5466F106
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:9A2521F1
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:615435BE
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:389D51A1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:D8A7F3FF
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:2FC9D9C0
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:18AE7C5A
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:981349EA
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:6A18D1F5
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:588B60C7

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 17.08.2012 16:32:27 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Icke\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,47 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 57,74% Memory free
5,17 Gb Paging File | 4,37 Gb Available in Paging File | 84,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 39,63 Gb Free Space | 27,51% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 91,53 Gb Free Space | 65,15% Space Free | Partition Type: NTFS
 
Computer Name: TINA-PC | User Name: Icke | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085E722E-DEE7-466B-9757-BD7468A6C6AC}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{0FBDCDB9-F380-4520-A8CB-C034C7CA4A63}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{112227B7-1331-462A-B6E8-B372E0B2D6D9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1342C8C9-FA1A-4E35-8935-38539BD8BE54}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{13DE1542-C1CE-4DFF-94F0-BD704E111E66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{16101005-D105-4B32-8FB0-3BACFDCF5EE7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1901D751-6CEF-4A2A-B6BA-8CCAAF698E30}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{200895D6-D874-4CCF-98F2-1D934AED4789}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{20F85B2E-D671-4CFE-B569-E58C0ED4EE1D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{24DC5CB8-203B-407E-B201-F1546FEC58DA}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{251D5F47-06BD-417B-A589-79ED55569A0E}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{278CDD48-A371-4468-99F2-98436663B492}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{28C6D4E0-C719-4196-B86B-A7AB3F68E068}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2CB4C31C-F2BD-49AE-9DB9-766AA9088DA3}" = dir=in | app=c:\users\icke\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{336DCD16-5512-4A52-8A81-69A9475E5423}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{33F47290-DAB7-45AB-921C-A00AAF156C10}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{35EAB0C6-1CC8-45A6-B8BD-56BE1D71E021}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{41699FC6-C0E9-415A-89F8-86A5903C2890}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{448B3BA6-231C-41F4-A7F8-31E1C0375D9D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{48921C51-0D84-4EB2-873E-E7942093C7D1}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{494C5C52-8CC2-48F4-A510-B54FDD586858}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4B566410-D639-401C-A7D4-02656518BA9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5529ABEB-1A7C-482A-B33F-2ABA616EA3BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57917753-478A-4F68-98FA-CA143DBB133E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5810D58C-ED56-4AAC-BD87-38F57B77BF1C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{58A39E41-12F8-4AE4-B89C-89AE4FE4682D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5DD06989-5FD4-4EAA-A6F9-2D01C2B309E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5F8E40B6-FA00-45A6-BB79-1DF39824505C}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{6194BE03-C365-4CCB-BCB5-C94471764B4B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{66B02610-006B-4FE0-9BAF-EDE26F78569E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{67D35399-8AFE-476C-A2CB-FB636760550B}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{6898BE29-A5A0-410B-B3CE-898B31867327}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{70776BD7-A543-477E-A80B-847500D0180D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{7375FD29-F3CC-42F5-9F5A-181E9123AB9C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{7451BFEC-0A07-433E-8AA8-07218FEE9F5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7ED2DFB7-AB0D-43F0-AD96-282C8D545CB0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7FECCFC2-CB52-4C40-A2BC-37CF159CF489}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8250DCA1-6E10-4EFF-B26B-5A7D6CE60E93}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{88581F31-8959-47CB-88EA-41856664A455}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A84E71D-CB3D-46B0-9B3C-13E822AF4C11}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8C6D2641-73A8-4048-8147-1460ECA1E4D7}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{92C91076-EAFE-4906-86D9-3A6537784A10}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{957512EE-4688-470F-86D8-6C2353D8ED56}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{9FB8D58E-3F5C-42EA-8A0D-BB320C1269D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B0C061B0-C1F2-4769-A002-FD7AA0BCEFE8}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{B169B6EE-3318-48FA-BCF0-3CF1E56A948E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B19E02C4-DFE8-4E08-9459-4B0623BEF7C0}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{B99B68FE-67B7-4E83-9BA9-1583A1ACC30F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BA73C548-8D57-4000-A755-EFC8B0F47563}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{BF1277B8-2A83-4540-8372-9E79E06F68B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C11FAC47-A209-4D65-9F3E-8FC4FDF6F3D1}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{C5BB9284-A691-4CEE-99C8-0B945D0B0FFA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C7378611-C175-4AE0-AB4C-EEF29DFA7351}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C763A346-CDA7-4BCA-8A05-AFBA5A5DB893}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CAF1547C-7F78-41C7-A8A2-F8AD349FD187}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CB2E9942-304A-47DA-81ED-BAD46CCB22BF}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{CB90D112-0BCE-4F5D-B726-DF2829060A31}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CEC19068-5195-49C5-8ABF-37A403F1FAA8}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{D15F2E39-E48E-43E7-95CE-E5765B6CF780}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D24C4024-876F-4A23-923D-E459DA1ED29C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D38943BD-2CD2-4CAE-BA69-AFCC1EA403B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D38A0193-A6F0-435D-8C03-B86883BB6874}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{DA67B334-E7D2-4D8B-B59B-978B2389D074}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB9D7393-232F-4FC8-A2D1-146D1E6F0891}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{DC93D6D6-C0C2-4A15-8462-6DEDDD277CDB}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{DD53BAED-6CDA-436C-AEE3-D535384C6C93}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{E0A303B7-4CBC-4EF4-9BAA-50A2EDD00E82}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{E85FF5C0-7B9B-41DE-9151-B81CAE9456CD}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{ECECB04A-98CF-4932-98F3-DEFAE5DA8FC0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F1B07E56-4F4D-47CF-84AF-9A2A9F5E3E2D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F64F9CB2-ADA3-4AE9-8ABA-29FD8EE348D8}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{F6F8670F-CDE7-441B-81F3-19912734F7F1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{FBE29BEB-94BC-45B0-93F1-BE3A8710047C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FEFEBBEE-95C4-4CE4-87A8-64C0EB892E0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{2D7C97E7-9E52-4FD8-8DF5-12E76EFE3B65}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{376836CE-0470-4417-BAC8-A3ECBD024C63}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0087799A-6484-2297-16D1-314C8D51EB5C}" = CCC Help Turkish
"{008B104E-AD08-D176-D974-9E795A3B5930}" = CCC Help English
"{01D60497-9C75-DFB2-6702-73288FAAF569}" = CCC Help Finnish
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E77A66-9566-2C8F-4924-87AF3EEC4C8D}" = Catalyst Control Center Localization Korean
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0F685585-6664-3B0F-8FFF-824EF3EC808F}" = CCC Help Chinese Standard
"{111E336D-30BF-4CD4-8D69-4541732AFB27}" = Rayman Raving Rabbids
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{11FA22E0-699F-57FB-2ED5-81518FD4D26B}" = Catalyst Control Center Localization Czech
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1ADA324F-E40F-1763-8A4C-C2B1C3221C8B}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21BC64BE-7760-932B-9070-BAE49E82E4C0}" = CCC Help Russian
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{247EC1CE-C81F-298F-EDDE-666C02C58193}" = CCC Help Spanish
"{2503CD86-B4C1-2EB7-30F8-A06F1156EE44}" = CCC Help German
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{27F3E373-93BF-441E-826B-98C33DF309B5}" = AMD USB Audio Driver Filter
"{2A6F9CF1-E874-FAAE-ACBF-50DEAB6A2866}" = Catalyst Control Center Localization Chinese Traditional
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C3AD6F9-0DD7-E2A2-363F-749247AE9603}" = CCC Help Czech
"{2E484859-4C24-718C-C637-368B04F14142}" = Catalyst Control Center Localization Russian
"{30C5CDC6-67DE-F761-507F-E156FB7CF098}" = Catalyst Control Center Localization Italian
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3304A9B5-C51F-42D4-B827-C77D607AC87B}" = Catalyst Control Center Localization Chinese Standard
"{36E3F10E-E909-0B45-B58B-CAF9864B22FF}" = Catalyst Control Center Localization Danish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CFD59CA-BC0C-0A69-C420-5F6E54565246}" = ccc-core-static
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{448D6CAA-B84F-148E-DF21-D9145CD70791}" = Catalyst Control Center Localization Thai
"{459E81F6-51BB-F78C-EB9A-619499B7E7B8}" = CCC Help Korean
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EA50CE2-3549-5E6B-DB7F-EC1FB21C98EB}" = CCC Help Italian
"{5025C2C2-E2DA-54CA-6AA3-2B796ED5E371}" = CCC Help Dutch
"{5204292B-0CDB-B240-65CE-F4CF17919E2D}" = Catalyst Control Center Localization Hungarian
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{5776FA35-21C8-A6C6-3B32-C5528AE4054F}" = CCC Help Danish
"{58A8EF55-37A0-F2C2-A35B-CA97E8F3D5C3}" = CCC Help Hungarian
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59ED508E-4239-EAD2-8D50-8923AADCFD76}" = Catalyst Control Center Graphics Full New
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5D751B45-0F9F-0B9E-F3EA-25821C9D7F49}" = CCC Help Thai
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{672CFCDF-759F-5F3C-077D-8B1A172FE150}" = Catalyst Control Center Localization Swedish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A5A8BEE-5493-C8F3-978F-6DC2A612D070}" = Catalyst Control Center Localization Portuguese
"{6CB07378-C076-D335-7D38-37AC272D899A}" = Catalyst Control Center Localization Greek
"{70B7E2EA-6CF1-C7BC-5F0E-7467F114BD5E}" = Catalyst Control Center Core Implementation
"{70E392D0-9A63-CD3B-11E4-4B66B7C68DE9}" = Catalyst Control Center Localization Spanish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{796127AB-1065-1DE9-3F6B-B4A00455FD34}" = CCC Help Chinese Traditional
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114044400}" = Chocolatier 2 Secret Ingredients
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114323150}" = Jojo’s Fashion Show
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115189690}" = Hells Kitchen
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115334267}" = Fashionista
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1197000}" = Women’s Murder Club - Triple Crime Pack
"{85D808E9-8D08-90FF-B0FB-2732EC386A58}" = Catalyst Control Center Localization Japanese
"{89AD7027-B6B2-47DF-21F2-D8A46A6DB13F}" = ATI Catalyst Install Manager
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C55354D-62FC-7BBD-91CB-199365A64331}" = CCC Help French
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{95C8E6D2-8D1A-1846-F8CF-FC5BF2682D3E}" = Catalyst Control Center Graphics Full Existing
"{9B28716A-CAB1-F0E0-A975-83F9C7294F64}" = Catalyst Control Center Graphics Light
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A176487F-227E-3F91-C7AF-679E0E34AC0C}" = ccc-utility
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AD0EF554-9674-3C40-914C-E728036D6B5B}" = CCC Help Polish
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1AAC909-15F7-74EC-5D4D-70E3240CD30A}" = Catalyst Control Center Localization Dutch
"{B24380E2-B8C4-5FC5-F11D-27300AB9B3A3}" = Catalyst Control Center Localization Norwegian
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8E11DD5-8FC7-6EFB-42A3-1D9C58CDFD84}" = CCC Help Portuguese
"{BE282C23-5484-47FF-B2C1-EBEA5C891031}" = Nero 8
"{BF23DA5D-6205-4BE2-36B4-B74D671FF0D1}" = CCC Help Greek
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC434C7B-54AF-7181-1F33-6BD4DF382FE2}" = CCC Help Japanese
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D7C81D2F-9490-518E-893F-0E9AC41415DE}" = Catalyst Control Center Localization Finnish
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DF39E385-C2E0-F044-022B-2A8A565B7182}" = Catalyst Control Center Localization Polish
"{E5FB0690-C5F4-DD4F-4360-D1F360582DCE}" = CCC Help Swedish
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}" = IKEA Home Planner
"{EE94CB5C-9DD8-0373-42C3-A4F9F4A775BA}" = Catalyst Control Center Localization Turkish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BCAAD1-95DF-DF91-4A06-471D97884038}" = CCC Help Norwegian
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA378A8C-5F03-519A-AE78-91E93B50FC6A}" = Catalyst Control Center Localization French
"{FA4DDF14-0227-47ED-9FB0-3290E84E8938}" = Catalyst Control Center - Branding
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"avast" = avast! Free Antivirus
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"EPSON Stylus S20_T10_T20 Benutzerhandbuch" = EPSON Stylus S20_T10_T20 Handbuch
"Frozen-Bubble_is1" = Frozen-Bubble 1.0
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LastFM_is1" = Last.fm 1.5.4.27091
"LimeWire" = LimeWire 4.16.0
"LManager" = Launch Manager
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetLCR_is1" = NetLCR v4.10.405
"PROPLUS" = Microsoft Office Professional Plus 2007
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"VLC media player" = VLC media player 1.1.5
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Game Organizer" = EasyBits GO
"Move Media Player" = Move Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.08.2012 16:23:58 | Computer Name = tina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.08.2012 04:40:37 | Computer Name = tina-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 17.08.2012 04:41:34 | Computer Name = tina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.08.2012 04:42:57 | Computer Name = tina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description = 
 
Error - 17.08.2012 04:44:29 | Computer Name = tina-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 17.08.2012 04:45:27 | Computer Name = tina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.08.2012 05:28:15 | Computer Name = tina-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 17.08.2012 05:29:08 | Computer Name = tina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.08.2012 09:01:02 | Computer Name = tina-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 17.08.2012 09:02:00 | Computer Name = tina-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 27.01.2009 04:34:49 | Computer Name = tina-PC | Source = WMPNetworkSvc | ID = 866287
Description = 
 
Error - 27.01.2009 04:37:32 | Computer Name = tina-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27.01.2009 16:14:39 | Computer Name = tina-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 27.01.2009 16:14:49 | Computer Name = tina-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 27.01.2009 16:15:22 | Computer Name = tina-PC | Source = WMPNetworkSvc | ID = 866287
Description = 
 
Error - 27.01.2009 16:15:23 | Computer Name = tina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.01.2009 16:22:46 | Computer Name = tina-PC | Source = bowser | ID = 8003
Description = 
 
Error - 28.01.2009 04:46:14 | Computer Name = tina-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 28.01.2009 04:46:23 | Computer Name = tina-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 28.01.2009 04:46:55 | Computer Name = tina-PC | Source = WMPNetworkSvc | ID = 866287
Description = 
 
 
< End of report >
         

Alt 17.08.2012, 15:51   #2
t'john
/// Helfer-Team
 
Fix with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:


Code:
:OTL
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found 
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found 
DRV - (a7alu80y) -- File not found 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKCU\..\URLSearchHook: - No CLSID value found 
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) 
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= 
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local 
FF - prefs.js..browser.search.selectedEngine: "ICQ Search" 
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/" 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search" 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll File not found 
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
O4 - HKLM..\Run: [eRecoveryService] File not found 
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
[2012.08.16 22:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ueskigvqneqbbjh 
[2012.08.14 12:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM 
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] 
[2012.08.16 22:14:09 | 000,000,051 | ---- | M] () -- C:\ProgramData\twwjhhxdrtpukcp 

@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:30C46519 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:E6C58E14 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:7F66BF58 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DCDE7C60 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:B894C266 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:ABA71843 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:CF2C26D2 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0651F96C 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:765C6A14 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:2FF4577A 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:D88D995C 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:D05E7A8B 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:940ECC98 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:26EE282C 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:41C283B2 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0AE8FC60 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:F878F14A 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:13B137AF 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:ED45A20F 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:B652B720 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:9B0F9E15 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:3F22DA14 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:E55CE2D1 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:C40E212B 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:426796C0 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:860D9052 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:9446E8B9 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:5A173E50 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:550179F5 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:50A11A00 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:05816AFA 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:EB603FE4 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:F50F1555 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:2FAFBD6A 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0EE601C7 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:CF5C4195 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:9AB338B9 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8DB5ACDD 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:79F970BE 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:3B3A35EC 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:F65733F1 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E33D6212 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:8BB2EE92 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:62197B73 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:8F7ECF6A 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:8DD623B3 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0D31DA45 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:FA8B212D 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:E71141D2 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:994AEA06 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:87FA5E8A 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:77846FFE 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:7091055F 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E89EDC52 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A724744F 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:580E04D8 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4B49E3BC 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:20451762 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:9E22BBE8 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8AB6C1D7 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0A73A758 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:E36F5B57 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:D26DD363 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:369A9F46 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:A42A9F39 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:273A8657 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:C0A4F645 
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:F951183D 
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:8C458D50 
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:72E546C1 
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7079A696 
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:1C9565AC 
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:7C8950EF 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:4E903DEB 
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:B623B5B8 
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:567AC0A6 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:A696643D 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:8FBE0E9C 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:5466F106 
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:9A2521F1 
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:615435BE 
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:41099CE9 
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:389D51A1 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:4F636E25 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:4CF61E54 
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:D8A7F3FF 
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:2FC9D9C0 
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:18AE7C5A 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:981349EA 
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:6A18D1F5 
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:588B60C7 

[2012.08.14 12:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM 
[2012.08.16 22:23:29 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.16 22:19:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.16 20:49:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3964052105-1468430595-4155204716-1000UA.job 
[2012.08.16 11:50:01 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job 
[2012.08.16 00:11:59 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3964052105-1468430595-4155204716-1000Core.job 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, allow it.
  • Copy the contents of the log file into your thread here in code tags.
    You can view the log file again later at => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was written exclusively for this user in this situation.
Under no circumstances run it on other computers; it can permanently damage other systems!

Alt 17.08.2012, 20:37   #3
Tinschen1
 

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
Error: No service named a7alu80y was found to stop!
Service\Driver key a7alu80y not found.
File File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ deleted successfully.
C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Programme\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\ProgramData\ueskigvqneqbbjh folder moved successfully.
C:\ProgramData\SweetIM\Messenger\update folder moved successfully.
C:\ProgramData\SweetIM\Messenger\logs folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\packages\FailDialog folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\packages folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\contentdb folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\Bars\Default\400 folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\Bars\Default\200 folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\Bars\Default\100 folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\Bars\Default folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data\Bars folder moved successfully.
C:\ProgramData\SweetIM\Messenger\data folder moved successfully.
C:\ProgramData\SweetIM\Messenger\conf\users folder moved successfully.
C:\ProgramData\SweetIM\Messenger\conf folder moved successfully.
C:\ProgramData\SweetIM\Messenger folder moved successfully.
C:\ProgramData\SweetIM\Communicator\Logs folder moved successfully.
C:\ProgramData\SweetIM\Communicator\conf folder moved successfully.
C:\ProgramData\SweetIM\Communicator folder moved successfully.
C:\ProgramData\SweetIM folder moved successfully.
C:\Windows\System32\cnmA971.tmp deleted successfully.
C:\ProgramData\twwjhhxdrtpukcp moved successfully.
ADS C:\ProgramData\Temp:30C46519 deleted successfully.
ADS C:\ProgramData\Temp:E6C58E14 deleted successfully.
ADS C:\ProgramData\Temp:7F66BF58 deleted successfully.
ADS C:\ProgramData\TempCDE7C60 deleted successfully.
ADS C:\ProgramData\Temp:B894C266 deleted successfully.
ADS C:\ProgramData\Temp:ABA71843 deleted successfully.
ADS C:\ProgramData\Temp:CF2C26D2 deleted successfully.
ADS C:\ProgramData\Temp:0651F96C deleted successfully.
ADS C:\ProgramData\Temp:765C6A14 deleted successfully.
ADS C:\ProgramData\Temp:2FF4577A deleted successfully.
ADS C:\ProgramData\Temp88D995C deleted successfully.
ADS C:\ProgramData\Temp05E7A8B deleted successfully.
ADS C:\ProgramData\Temp:940ECC98 deleted successfully.
ADS C:\ProgramData\Temp:26EE282C deleted successfully.
ADS C:\ProgramData\Temp:41C283B2 deleted successfully.
ADS C:\ProgramData\Temp:0AE8FC60 deleted successfully.
ADS C:\ProgramData\Temp:F878F14A deleted successfully.
ADS C:\ProgramData\Temp:13B137AF deleted successfully.
ADS C:\ProgramData\Temp:ED45A20F deleted successfully.
ADS C:\ProgramData\Temp:B652B720 deleted successfully.
ADS C:\ProgramData\Temp:9B0F9E15 deleted successfully.
ADS C:\ProgramData\Temp:3F22DA14 deleted successfully.
ADS C:\ProgramData\Temp:E55CE2D1 deleted successfully.
ADS C:\ProgramData\Temp:C40E212B deleted successfully.
ADS C:\ProgramData\Temp:426796C0 deleted successfully.
ADS C:\ProgramData\Temp:860D9052 deleted successfully.
ADS C:\ProgramData\Temp:9446E8B9 deleted successfully.
ADS C:\ProgramData\Temp:5A173E50 deleted successfully.
ADS C:\ProgramData\Temp:550179F5 deleted successfully.
ADS C:\ProgramData\Temp:50A11A00 deleted successfully.
ADS C:\ProgramData\Temp:05816AFA deleted successfully.
ADS C:\ProgramData\Temp:EB603FE4 deleted successfully.
ADS C:\ProgramData\Temp:F50F1555 deleted successfully.
ADS C:\ProgramData\Temp:2FAFBD6A deleted successfully.
ADS C:\ProgramData\Temp:0EE601C7 deleted successfully.
ADS C:\ProgramData\Temp:CF5C4195 deleted successfully.
ADS C:\ProgramData\Temp:9AB338B9 deleted successfully.
ADS C:\ProgramData\Temp:8DB5ACDD deleted successfully.
ADS C:\ProgramData\Temp:79F970BE deleted successfully.
ADS C:\ProgramData\Temp:3B3A35EC deleted successfully.
ADS C:\ProgramData\Temp:F65733F1 deleted successfully.
ADS C:\ProgramData\Temp:E33D6212 deleted successfully.
ADS C:\ProgramData\Temp:8BB2EE92 deleted successfully.
ADS C:\ProgramData\Temp:62197B73 deleted successfully.
ADS C:\ProgramData\Temp:8F7ECF6A deleted successfully.
ADS C:\ProgramData\Temp:8DD623B3 deleted successfully.
ADS C:\ProgramData\Temp:0D31DA45 deleted successfully.
ADS C:\ProgramData\Temp:FA8B212D deleted successfully.
ADS C:\ProgramData\Temp:E71141D2 deleted successfully.
ADS C:\ProgramData\Temp:994AEA06 deleted successfully.
ADS C:\ProgramData\Temp:87FA5E8A deleted successfully.
ADS C:\ProgramData\Temp:77846FFE deleted successfully.
ADS C:\ProgramData\Temp:7091055F deleted successfully.
ADS C:\ProgramData\Temp:E89EDC52 deleted successfully.
ADS C:\ProgramData\Temp:A724744F deleted successfully.
ADS C:\ProgramData\Temp:580E04D8 deleted successfully.
ADS C:\ProgramData\Temp:4B49E3BC deleted successfully.
ADS C:\ProgramData\Temp:20451762 deleted successfully.
ADS C:\ProgramData\Temp:9E22BBE8 deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\Temp:0A73A758 deleted successfully.
ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.
ADS C:\ProgramData\Temp26DD363 deleted successfully.
ADS C:\ProgramData\Temp:369A9F46 deleted successfully.
ADS C:\ProgramData\Temp:A42A9F39 deleted successfully.
ADS C:\ProgramData\Temp:273A8657 deleted successfully.
ADS C:\ProgramData\Temp:C0A4F645 deleted successfully.
ADS C:\ProgramData\Temp:F951183D deleted successfully.
ADS C:\ProgramData\Temp:8C458D50 deleted successfully.
ADS C:\ProgramData\Temp:72E546C1 deleted successfully.
ADS C:\ProgramData\Temp:7079A696 deleted successfully.
ADS C:\ProgramData\Temp:1C9565AC deleted successfully.
ADS C:\ProgramData\Temp:7C8950EF deleted successfully.
ADS C:\ProgramData\Temp:4E903DEB deleted successfully.
ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.
ADS C:\ProgramData\Temp:567AC0A6 deleted successfully.
ADS C:\ProgramData\Temp:A696643D deleted successfully.
ADS C:\ProgramData\Temp:8FBE0E9C deleted successfully.
ADS C:\ProgramData\Temp:5466F106 deleted successfully.
ADS C:\ProgramData\Temp:9A2521F1 deleted successfully.
ADS C:\ProgramData\Temp:615435BE deleted successfully.
ADS C:\ProgramData\Temp:41099CE9 deleted successfully.
ADS C:\ProgramData\Temp:389D51A1 deleted successfully.
ADS C:\ProgramData\Temp:4F636E25 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Temp8A7F3FF deleted successfully.
ADS C:\ProgramData\Temp:2FC9D9C0 deleted successfully.
ADS C:\ProgramData\Temp:18AE7C5A deleted successfully.
ADS C:\ProgramData\Temp:981349EA deleted successfully.
ADS C:\ProgramData\Temp:6A18D1F5 deleted successfully.
ADS C:\ProgramData\Temp:588B60C7 deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files\SweetIM\Toolbars folder moved successfully.
C:\Program Files\SweetIM\Messenger\resources\sqlite folder moved successfully.
C:\Program Files\SweetIM\Messenger\resources\images folder moved successfully.
C:\Program Files\SweetIM\Messenger\resources folder moved successfully.
C:\Program Files\SweetIM\Messenger folder moved successfully.
C:\Program Files\SweetIM\Communicator\resources\sqlite folder moved successfully.
C:\Program Files\SweetIM\Communicator\resources folder moved successfully.
C:\Program Files\SweetIM\Communicator\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files\SweetIM\Communicator folder moved successfully.
C:\Program Files\SweetIM folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3964052105-1468430595-4155204716-1000UA.job moved successfully.
C:\Windows\Tasks\Google Software Updater.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3964052105-1468430595-4155204716-1000Core.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Icke\Desktop\cmd.bat deleted successfully.
C:\Users\Icke\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Icke
->Temp folder emptied: 6421723640 bytes
->Temporary Internet Files folder emptied: 225017795 bytes
->Java cache emptied: 15187202 bytes
->FireFox cache emptied: 115450402 bytes
->Apple Safari cache emptied: 177933312 bytes
->Flash cache emptied: 13150 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 479077736 bytes
RecycleBin emptied: 1669529624 bytes

Total Files Cleaned = 8.682,00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08172012_211521

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Is it done? Have we chased the trojan away?
What do I have to do now?
Many, many thanks in advance, you are great and my rescue!

18.08.2012, 15:05   #4
t'john
/// Helper Team

Very good!

How is the computer running?

Step 1
Please do a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program in the default path.
- Update the database!
- Enable "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have the findings deleted or quarantined.
- When the scan is finished, click "Show results".
Afterwards:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
Regards, t'john

18.08.2012, 19:48   #5
Tinschen1

The computer is running great so far! I'll carry out your next steps and then we'll see!

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.19.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Icke :: TINA-PC [administrator]

Protection: Disabled

19.08.2012 07:16:09
mbam-log-2012-08-19 (07-16-09).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 384129
Time elapsed: 1 hour(s), 54 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

# AdwCleaner v1.801 - Logfile created 08/19/2012 at 09:13:34
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Icke - TINA-PC
# Boot Mode : Normal
# Running from : C:\Users\Icke\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Icke\AppData\Roaming\pdfforge
Folder Found : C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\k1d3xd16.default\SweetPacksToolbarData
Folder Found : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Folder Found : C:\Windows\Installer\{5B58EF61-85F2-4977-97A5-84C19F926579}
Folder Found : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
File Found : C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\k1d3xd16.default\searchplugins\SweetIm.xml
File Found : C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\k1d3xd16.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

***** [Registry] *****

Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Found : HKLM\SOFTWARE\Classes\sim-packages
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B58EF61-85F2-4977-97A5-84C19F926579}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Found : HKLM\SOFTWARE\SweetIM

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6002.18005

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\k1d3xd16.default\prefs.js

Found : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Found : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Found : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Found : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Found : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Found : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Found : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html")[...]
Found : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Found : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Found : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Found : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Found : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Found : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Found : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Found : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Found : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.mode.debug", "false");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_i[...]
Found : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Found : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Found : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Found : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Found : user_pref("sweetim.toolbar.scripts.0.enable", "true");
Found : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Found : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Found : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Found : user_pref("sweetim.toolbar.scripts.1.callback", "");
Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Found : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Found : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Found : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Found : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Found : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.predictad.com/scripts/publishers/sweetim/pre[...]
Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Found : user_pref("sweetim.toolbar.search.history.capacity", "10");
Found : user_pref("sweetim.toolbar.searchguard.enable", "true");
Found : user_pref("sweetim.toolbar.simapp_id", "{42C301B3-E5FD-11E1-96D2-001EEC5742BC}");

*************************

AdwCleaner[R1].txt - [7112 octets] - [19/08/2012 09:13:34]

########## EOF - C:\AdwCleaner[R1].txt - [7240 octets] ##########
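The Firefox section of the [Search] log above shows what a search hijack leaves behind in a profile: keyword.URL (the address-bar search) repointed at search.sweetim.com, and a block of toolbar prefs that load scripts from sc.sweetim.com. A profile can also carry a user.js, which Firefox re-applies on every start, so cleaning prefs.js alone does not stick while a user.js with the same prefs is present. The following Python audit is an added example, not part of this thread and not AdwCleaner's code: it parses the user_pref lines of prefs.js and user.js and flags search/homepage prefs and remote resources whose host is not on an allowlist. The sample profile text is constructed from the prefs in the log (hxxp restored to http), and ALLOWED_HOSTS and ALLOWED_ENGINES are assumed values to adapt per profile.

```python
"""Audit a Firefox profile's prefs.js / user.js for search-engine hijacking.

Added example (not from the thread, not from AdwCleaner). Sample prefs and the
allowlists below are constructed for this example.
"""
import re
from urllib.parse import urlparse

# Prefs that decide where typed text or the home page goes.
SEARCH_PREFS = {
    "keyword.URL",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
}
# Assumed allowlists: hosts and engine names this user considers legitimate.
ALLOWED_HOSTS = {"www.google.com", "www.mozilla.org", "support.mozilla.org"}
ALLOWED_ENGINES = {"Google"}

PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*)\);\s*$')
URL_RE = re.compile(r'https?://[^\s"\\|<>]+')

# Constructed prefs.js excerpt, built from the entries in the AdwCleaner log above.
PREFS_JS = """\
user_pref("keyword.URL", "http://search.sweetim.com/search.asp?src=2&q=");
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("sweetim.toolbar.scripts.0.url", "http://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.search.history.capacity", "10");
user_pref("browser.search.defaultenginename", "SweetIM Search");
user_pref("extensions.lastAppVersion", "14.0.1");
"""
# Constructed user.js: re-applied by Firefox at every start, undoing a prefs.js cleanup.
USER_JS = """\
user_pref("keyword.URL", "http://search.sweetim.com/search.asp?src=2&q=");
"""
# Constructed clean profile for comparison.
CLEAN_PREFS_JS = """\
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.search.defaultenginename", "Google");
user_pref("extensions.lastAppVersion", "14.0.1");
"""


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group("name")] = m.group("value").strip().strip('"')
    return prefs


def hosts_in(value):
    """Hostnames of every http(s) URL embedded in a pref value."""
    return {urlparse(u).hostname for u in URL_RE.findall(value) if urlparse(u).hostname}


def audit_profile(prefs_js, user_js=None):
    """Return findings as (file, pref, host-or-value, reason) tuples."""
    findings = []
    for fname, text in (("prefs.js", prefs_js), ("user.js", user_js)):
        if text is None:
            continue
        for name, value in parse_prefs(text).items():
            hosts = hosts_in(value)
            bad = hosts - ALLOWED_HOSTS
            if name in SEARCH_PREFS:
                if bad:
                    findings.append((fname, name, ",".join(sorted(bad)), "search/homepage redirected"))
                elif not hosts and value not in ALLOWED_ENGINES:
                    findings.append((fname, name, value, "search engine renamed"))
            elif bad:
                # Toolbar-style prefs pulling scripts or pages from an unknown host.
                findings.append((fname, name, ",".join(sorted(bad)), "remote resource from unknown host"))
    if user_js is not None:
        findings.append(("user.js", "<file>", "present",
                         "re-applied at every start; delete after cleaning prefs.js"))
    return findings


if __name__ == "__main__":
    for finding in audit_profile(PREFS_JS, USER_JS):
        print(*finding, sep=" | ")
```

Run it against the real prefs.js and user.js of the profile directory (with Firefox closed, since it rewrites prefs.js on exit). Legitimate extensions also keep update URLs in prefs, so the "remote resource" findings are a triage list to read, not an automatic delete list; the SEARCH_PREFS findings and the presence of user.js are the ones that reproduce the hijack.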


19.08.2012, 17:11   #6
t'john
/// Helper Team

Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.




Afterwards:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update now.
Select the freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not let it delete anything! Click Save report to save the log file to the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html
Regards, t'john

22.08.2012, 06:29   #7
Tinschen1

# AdwCleaner v1.801 - Logfile created 08/19/2012 at 18:24:50
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Icke - TINA-PC
# Boot Mode : Normal
# Running from : C:\Users\Icke\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Icke\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\k1d3xd16.default\SweetPacksToolbarData
Folder Deleted : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Folder Deleted : C:\Windows\Installer\{5B58EF61-85F2-4977-97A5-84C19F926579}
Folder Deleted : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
File Deleted : C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\k1d3xd16.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\k1d3xd16.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

***** [Registry] *****

Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B58EF61-85F2-4977-97A5-84C19F926579}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Deleted : HKLM\SOFTWARE\SweetIM

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6002.18005

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\k1d3xd16.default\prefs.js

C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\k1d3xd16.default\user.js ... Deleted !

Deleted : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html")[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_i[...]
Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "true");
Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.predictad.com/scripts/publishers/sweetim/pre[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{42C301B3-E5FD-11E1-96D2-001EEC5742BC}");

*************************

AdwCleaner[R1].txt - [7241 octets] - [19/08/2012 09:13:34]
AdwCleaner[S1].txt - [7427 octets] - [19/08/2012 18:24:50]

########## EOF - C:\AdwCleaner[S1].txt - [7555 octets] ##########

Emsisoft Anti-Malware - Version 6.6
Last update: 22.08.2012 07:40:20

Scan settings:

Scan method: Detail Scan
Objects: Rootkits, Memory, Traces, C:\, D:\
Archive scan: On
ADS scan: On

Scan start: 22.08.2012 07:42:12

c:\users\icke\appdata\roaming\pogo games\common found: Trace.File.lottso!E1
c:\users\icke\appdata\roaming\pogo games found: Trace.File.lottso!E1
c:\users\icke\appdata\roaming\pogo games\common\cache found: Trace.File.lottso!E1
Value: hkey_current_user\software\gog\bloodties --> inprogress found: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> recvidmemory found: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> version found: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> warning found: Trace.Registry.gamefiesta blood ties!E1
Key: hkey_local_machine\software\trymedia systems found: Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software found: Trace.Registry.trymedia!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> failurereason found: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> minvidmemory found: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> displayguid found: Trace.Registry.gamefiesta blood ties!E1
C:\Program Files\Yahoo! Games\Zuma Deluxe\Zuma.exe found: Riskware.Crack.Zuma!E2
C:\Program Files\Yahoo! Games\Zuma Deluxe\PopCap Zuma Deluxe! v1.0 (crack).exe found: Adware.Win32.Agent!E1
C:\Program Files\DAEMON Tools Lite\uninst.exe found: Adware.Win32.Toolbar.Shopper.AMN!E1

Scanned 643118
Found 15

Scan end: 22.08.2012 10:58:16
Scan time: 3:16:04

C:\Program Files\DAEMON Tools Lite\uninst.exe Quarantined Adware.Win32.Toolbar.Shopper.AMN!E1
C:\Program Files\Yahoo! Games\Zuma Deluxe\PopCap Zuma Deluxe! v1.0 (crack).exe Quarantined Adware.Win32.Agent!E1
C:\Program Files\Yahoo! Games\Zuma Deluxe\Zuma.exe Quarantined Riskware.Crack.Zuma!E2
Key: hkey_local_machine\software\trymedia systems Quarantined Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software Quarantined Trace.Registry.trymedia!E1
Value: hkey_current_user\software\gog\bloodties --> inprogress Quarantined Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> recvidmemory Quarantined Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> version Quarantined Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> warning Quarantined Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> failurereason Quarantined Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> minvidmemory Quarantined Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> displayguid Quarantined Trace.Registry.gamefiesta blood ties!E1
c:\users\icke\appdata\roaming\pogo games\common Quarantined Trace.File.lottso!E1
c:\users\icke\appdata\roaming\pogo games Quarantined Trace.File.lottso!E1
c:\users\icke\appdata\roaming\pogo games\common\cache Quarantined Trace.File.lottso!E1

Quarantined 15
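The helper's verdict on a pair of AdwCleaner logs is a by-eye check that the [Delete] run (post #7 above) removed everything the [Search] run (post #5) found. The Python below does that comparison mechanically; it is an added example, not part of this thread and not AdwCleaner's own code. The two log excerpts are constructed in the v1.8 format shown above, trimmed to a few entries, with one invented registry key (HKLM\SOFTWARE\Example\LeftoverKey) added to the search log so the check has something to report; the function names are mine.

```python
"""Reconcile an AdwCleaner [Search] log against the following [Delete] log.

Added example (not from the thread, not from AdwCleaner). Reports every item the
search run found that the delete run did not report as deleted. The two excerpts
below are constructed in the AdwCleaner v1.8 log format; LeftoverKey is invented.
"""
import re

SEARCH_LOG = """\
# AdwCleaner v1.801 - Logfile created 08/19/2012 at 09:13:34
# Option [Search]

***** [Files / Folders] *****

Folder Found : C:\\Users\\Icke\\AppData\\Roaming\\pdfforge
File Found : C:\\Users\\Icke\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\k1d3xd16.default\\searchplugins\\SweetIm.xml

***** [Registry] *****

Key Found : HKCU\\Software\\SweetIm
Key Found : HKLM\\SOFTWARE\\Classes\\SWEETIE.IEToolbar
Key Found : HKLM\\SOFTWARE\\Example\\LeftoverKey

***** [Internet Browsers] *****

Found : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
"""

DELETE_LOG = """\
# AdwCleaner v1.801 - Logfile created 08/19/2012 at 18:24:50
# Option [Delete]

***** [Files / Folders] *****

Folder Deleted : C:\\Users\\Icke\\AppData\\Roaming\\pdfforge
File Deleted : C:\\Users\\Icke\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\k1d3xd16.default\\searchplugins\\SweetIm.xml

***** [Registry] *****

Key Deleted : HKCU\\Software\\SweetIm
Key Deleted : HKLM\\SOFTWARE\\Classes\\SWEETIE.IEToolbar

***** [Internet Browsers] *****

C:\\Users\\Icke\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\k1d3xd16.default\\user.js ... Deleted !

Deleted : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
"""

OPTION_RE = re.compile(r"^# Option \[(Search|Delete)\]$")
SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
# "Key Found : X", "Folder Deleted : X", or the bare "Found : user_pref(...)" browser form.
ITEM_RE = re.compile(
    r"^(?:(?P<kind>Key|Value|Folder|File|Service) )?(?P<verb>Found|Deleted) : (?P<item>.+)$"
)


def parse_log(text):
    """Return (option, {(section, kind, item), ...}) for one AdwCleaner log."""
    option, section, items = None, None, set()
    for line in text.splitlines():
        line = line.rstrip()
        m = OPTION_RE.match(line)
        if m:
            option = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m and section:
            kind = m.group("kind") or "Pref"
            items.add((section, kind, m.group("item").rstrip(";")))
    return option, items


def reconcile(search_text, delete_text):
    """Items the [Search] run found that the [Delete] run did not report as deleted."""
    s_opt, found = parse_log(search_text)
    d_opt, deleted = parse_log(delete_text)
    if (s_opt, d_opt) != ("Search", "Delete"):
        raise ValueError("expected a [Search] log followed by a [Delete] log")
    return sorted(found - deleted)


if __name__ == "__main__":
    leftovers = reconcile(SEARCH_LOG, DELETE_LOG)
    print("all findings removed" if not leftovers else f"NOT removed: {leftovers}")
```

On a real case, read C:\AdwCleaner[R1].txt and C:\AdwCleaner[S1].txt into the two variables. The "user.js ... Deleted !" line is deliberately outside the comparison, since it has no "Found" counterpart in the search run; anything the function returns is a candidate for a second [Delete] pass or manual removal.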

22.08.2012, 20:20   #8
t'john
/// Helper Team

Very good!


Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable the anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Let's go

  • Download and start the ESET SmartInstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • Signatures are downloaded; the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
Regards, t'john

24.08.2012, 10:26   #9
Tinschen1

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=11fae896eb60b74b92a2001544570609
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-24 09:22:14
# local_time=2012-08-24 11:22:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=770 16774141 100 100 43701660 282072640 0 0
# compatibility_mode=5892 16776573 100 100 1787 183324214 0 0
# compatibility_mode=8192 67108863 100 0 176 176 0 0
# scanned=208495
# found=1
# cleaned=1
# scan_time=8648
C:\_OTL\MovedFiles\08172012_211521\C_ProgramData\ueskigvqneqbbjh\main.html HTML/Ransom.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

24.08.2012, 15:19   #10
t'john
/// Helper Team

Update Java

Your Java is no longer current. Older versions contain security holes that can be abused by malware.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 6).
  • When the installation has finished:
    Start --> Control Panel --> Programs, and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Then post (copy and paste) what you get shown here: PluginCheck
Regards, t'john

28.08.2012, 07:35   #11
Tinschen1

Hello, I did everything; this is what came out:



PluginCheck

The PluginCheck helps to close the biggest security holes when surfing the Internet.
Checked: browser, Flash, Java and Adobe Reader version.

Firefox 14.0.1 is up to date

Flash 11,0,1,152 is outdated!
Please update to the latest version!

Java (1,7,0,6) is up to date.

Adobe Reader 8,2,0,81 is outdated!
Please update to the latest version: 10,1,3

28.08.2012, 19:10   #12
t'john
/// Helper Team

Very good!

With that you are clean and discharged!

Remove AdwCleaner

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.




Tool cleanup with OTL


We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
  • Please download OTL from OldTimer (if you do not have it any more).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Click the "CleanUp" button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs you downloaded in the course of the cleanup will no longer be present. They have been removed. So it is OK if these programs are no longer there. If any are left over, delete them manually.


Reset the security zones

Have the security zones reset, since they were manipulated to open the browser up to further attacks.
Proceed like this: http://www.trojaner-board.de/111805-...ecksetzen.html


Clear System Restore

So that the computer cannot be re-infected from an infected System Restore point, we have to clear it. To do so we switch it off once and then on again:
Disable System Restore: tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.


Clean up with CCleaner

With CCleaner (Download) (Guide), have it

  • fix registry errors (repeatedly, until no more errors are found) and
  • delete temporary files.




Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC getting slower and slower - what to do?
Regards, t'john
