| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bundespolizei Trojaner mit TR/Vcaredix.A.5 und TR/Crypt.XPACK.GENWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
31.08.2012, 06:26
| #1 |
 |  Bundespolizei Trojaner mit TR/Vcaredix.A.5 und TR/Crypt.XPACK.GEN Hallo, mich hat es wieder erwischt! Zuerst schlug Antvir an, dann wurde die Windows Firewall inaktiv und dann kam die Meldung der Bundespolizei mit 100€ zu zahlen. Vor einem guten Monat hatte ich schonmal einen Befall, siehe nachfolgenden link hxxp://http://www.trojaner-board.de/119564-...stemstart.html Anbei die logs von Malewarebytes und OTL Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.30.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Besitzer :: MEIER [Administrator] 30.08.2012 19:50:32 mbam-log-2012-08-31 (06-49-31).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 412383 Laufzeit: 2 Stunde(n), 40 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\mrsaoxnecw.exe (Trojan.Agent.MRGGen) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\rmxwonaesc.exe (Spyware.Password) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter OTL logfile created on: 31.08.2012 06:53:50 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,98 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,40% Memory free 3,83 Gb Paging File | 3,09 Gb Available in Paging File | 80,57% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,88 Gb Total Space | 86,76 Gb Free Space | 37,26% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: MEIER | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\swmrxcaeon.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\T-Online\T-Online_Software_6\Browser\browser.exe (Deutsche Telekom AG) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) PRC - C:\Programme\LG Soft India\EasySetPackage\bin\TestDDCCI.exe () PRC - C:\Programme\LG Soft India\EasySetPackage\bin\EasySetPackage.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\TOnAuDi.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) PRC - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de) PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper® Corporation) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\swmrxcaeon.exe () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll () MOD - C:\Programme\LG Soft India\EasySetPackage\bin\TestDDCCI.exe () MOD - C:\Programme\LG Soft India\EasySetPackage\bin\EasySetPackage.exe () MOD - C:\Programme\LG Soft India\EasySetPackage\bin\Hook.dll () MOD - C:\WINDOWS\system32\LGErrorHandler.dll () MOD - C:\Programme\LG Soft India\EasySetPackage\bin\GerRes.dll () MOD - C:\Programme\LG Soft India\EasySetPackage\bin\ESPContextMenu.dll () MOD - C:\Programme\T-Online\T-Online_Software_6\Notifier\libcurl.dll () MOD - C:\Programme\T-Online\T-Online_Software_6\Notifier\libexpat.dll () MOD - C:\WINDOWS\system32\pdfcmnnt.dll () ========== Services (SafeList) ========== SRV - (vToolbarUpdater11.2.0) -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (JavaQuickStarterService) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (TDslMgrService) -- C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH) SRV - (Start BT in service) -- C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe () SRV - (MZCCntrl) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper® Corporation) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (InCDsrv) -- C:\Programme\Ahead\InCD\InCDsrv.exe (Nero AG) SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREdrv.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices) DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RsFx0150) -- C:\WINDOWS\system32\drivers\RsFx0150.sys (Microsoft Corporation) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (LGII2CDevice) -- C:\WINDOWS\system32\LGPII2CDriver.sys (LG Soft India) DRV - (LGDDCDevice) -- C:\WINDOWS\system32\LGI2CDriver.sys (LG Soft India) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (dsltestSp5) -- C:\WINDOWS\system32\drivers\DslTestSp5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (TSMPacket) -- C:\WINDOWS\system32\drivers\tsmpkt.sys (T-Systems) DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.) DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.) DRV - (BTHidMgr) -- C:\WINDOWS\system32\drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.) DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.) DRV - (BTNetFilter) -- C:\Programme\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys (IVT Corporation.) DRV - (MIINPazX) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) DRV - (MACNDIS5) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys (Marmiko IT-Solutions GmbH) DRV - (HECI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc) DRV - (InCDrec) -- C:\WINDOWS\System32\drivers\InCDrec.sys (Nero AG) DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG) DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG) DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1644491937-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-1644491937-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-1644491937-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com IE - HKU\S-1-5-21-1644491937-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1644491937-1078081533-839522115-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1644491937-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.param.yahoo-fr: "" FF - prefs.js..browser.search.selectedEngine: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.04.18 18:03:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.30 19:43:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.17 09:15:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.04.18 18:03:13 | 000,000,000 | ---D | M] [2011.02.02 10:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions [2012.07.28 18:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\xbw050n0.default\extensions [2011.02.05 16:28:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\xbw050n0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.07.18 15:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.12 08:51:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.30 19:43:48 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 19:43:39 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - homepage: hxxp://www.google.com O1 HOSTS File: ([2011.12.23 13:13:18 | 000,440,018 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15128 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IntelAudioStudio] C:\Programme\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) O4 - HKLM..\Run: [vProt] "C:\Programme\AVG Secure Search\vprot.exe" File not found O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-21-1644491937-1078081533-839522115-1003..\Run: [] C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\swmrxcaeon.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\EasySetPackage.lnk = C:\Programme\LG Soft India\EasySetPackage\bin\EasySetPackage.exe () O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O12 - Plugin for: .spop - C:\Programme\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} hxxp://activex.microgaming.com/DLHelper/version7/DLHelper.cab (Download Helper Class) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF62A54C-983F-4092-AD88-C9D2CACE0D57}: NameServer = 217.0.43.177 217.0.43.161 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.30 20:12:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.31 06:52:34 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe [2012.08.23 16:13:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\1&1 [2012.08.23 16:12:27 | 005,946,616 | ---- | C] (1&1 Internet AG) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\EasyLogin_setup_DE.exe [2012.08.04 08:36:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Unilux Rechnungsanlage Holz-Alu [2012.06.06 09:58:51 | 033,269,216 | ---- | C] (RIB Software AG ) -- C:\Dokumente und Einstellungen\Besitzer\avasign400.exe ========== Files - Modified Within 30 Days ========== [2012.08.31 07:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.08.31 06:52:45 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe [2012.08.31 06:52:44 | 010,828,567 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\vlc-0.8.6d-win32.exe [2012.08.31 06:48:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.08.30 20:48:42 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash [2012.08.30 19:41:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.08.30 19:39:17 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.08.30 19:39:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.30 18:12:04 | 000,167,936 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\oagrk.dll [2012.08.30 13:19:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.08.28 09:05:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012.08.28 07:19:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.08.27 17:09:26 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.08.27 16:59:40 | 006,474,492 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Z_19_14_1234_neu.pdf [2012.08.27 16:59:22 | 003,755,174 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\ZiE Bürgerhaus Markt Erlbach.pdf [2012.08.27 16:57:47 | 000,654,901 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\27-08-2012 10;34;37.PDF [2012.08.26 12:00:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job [2012.08.26 10:39:25 | 001,213,078 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Preisliste_2012 Cortex.pdf [2012.08.23 16:12:37 | 005,946,616 | ---- | M] (1&1 Internet AG) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\EasyLogin_setup_DE.exe [2012.08.22 09:59:47 | 034,371,338 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Standard_20120822_095932.zip [2012.08.22 07:56:35 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.08.16 16:13:31 | 000,052,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\doc20120816154531.pdf [2012.08.15 21:16:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.08.15 21:16:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.08.15 13:11:13 | 000,155,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.08.15 09:07:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.08.11 18:17:37 | 000,798,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Deutsche Biertrinker - Kopie.pps ========== Files Created - No Company Name ========== [2012.08.30 18:12:04 | 000,167,936 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\oagrk.dll [2012.08.27 16:59:30 | 006,474,492 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Z_19_14_1234_neu.pdf [2012.08.27 16:59:15 | 003,755,174 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\ZiE Bürgerhaus Markt Erlbach.pdf [2012.08.27 16:57:45 | 000,654,901 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\27-08-2012 10;34;37.PDF [2012.08.26 10:39:23 | 001,213,078 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Preisliste_2012 Cortex.pdf [2012.08.22 09:59:38 | 034,371,338 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Standard_20120822_095932.zip [2012.08.16 16:13:31 | 000,052,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\doc20120816154531.pdf [2012.08.15 08:51:52 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012.08.11 18:17:35 | 000,798,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Deutsche Biertrinker - Kopie.pps [2012.04.26 12:19:53 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2012.04.26 12:19:51 | 000,601,728 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2012.04.26 12:19:51 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2012.04.12 07:59:02 | 000,000,037 | ---- | C] () -- C:\WINDOWS\System32\RBuilder.ini [2012.02.16 08:07:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.05.15 01:42:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.05.15 01:42:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.05.04 13:25:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\LGErrorHandler.dll [2011.03.09 11:16:42 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2011.02.02 09:28:30 | 000,003,565 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\.recently-used.xbel [2010.12.25 16:09:07 | 000,029,376 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.04.14 13:52:15 | 000,000,616 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\BieterModul.ini [2009.03.07 13:13:10 | 000,282,606 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\mkici_nav.dat [2009.03.07 13:12:40 | 000,003,021 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\mkici.dat [2009.03.07 13:12:40 | 000,001,920 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\mkici_navps.dat [2006.10.20 17:55:27 | 000,169,984 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.10.06 07:05:24 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.10.02 19:07:17 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_CDS.exe [2006.09.30 21:32:18 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.09.30 20:59:21 | 000,016,896 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\so_icon_lib.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 31.08.2012 06:53:50 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,98 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,40% Memory free
3,83 Gb Paging File | 3,09 Gb Available in Paging File | 80,57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 86,76 Gb Free Space | 37,26% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: MEIER | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-1644491937-1078081533-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
htmlfile [opennew] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1391:UDP" = 1391:UDP:*:Enabled:Windows Media Format SDK (BROWSER.EXE)
"1390:UDP" = 1390:UDP:*:Enabled:Windows Media Format SDK (BROWSER.EXE)
"1398:UDP" = 1398:UDP:*:Enabled:Windows Media Format SDK (BROWSER.EXE)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\VectorWorks 11\VectorWorks.exe" = C:\Programme\VectorWorks 11\VectorWorks.exe:*:Disabled:VectorWorks Application -- (Nemetschek North America, Inc.)
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
"C:\Programme\T-Online\T-Online_Software_6\Browser\dlman.exe" = C:\Programme\T-Online\T-Online_Software_6\Browser\dlman.exe:*:Enabled:T-Online Browser 6.0 Download Manager -- (Deutsche Telekom AG)
"C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0I9LGFTL\NTRsupport_99503[1].exe" = C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0I9LGFTL\NTRsupport_99503[1].exe:*:Enabled:NTRsupport
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\adawaretb\dtUser.exe" = C:\Programme\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Toolbar DTX Broker -- (Visicom Media Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00DF228D-0F08-9C76-F2D9-2FB5000439EB}" = CCC Help Thai
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (CANTOR2005)
"{03D375B0-8750-5182-0F7A-2E7478EB53F6}" = CCC Help Finnish
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{04B7FE00-9D1E-FAB5-6AE3-9570CCF43058}" = CCC Help Japanese
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07AC654E-38B1-410A-E655-7C7D975F9986}" = Catalyst Control Center InstallProxy
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
"{0AF50818-4920-620E-C71B-7EE0440AE1EC}" = CCC Help Korean
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11CF3ABC-DFB0-47DE-B31F-71CB995A12D7}_is1" = Mein Büro
"{13CEE5F4-1E7D-44F8-B77E-6B805680863F}" = Microsoft SQL Server 2008 R2 Native Client
"{1559D65C-9467-4CC7-B826-6CEFB73A6E45}" = Premium VoIP Offers
"{173C262F-8474-4118-8BF3-02BFDFA00AC9}" = UPE2009
"{18EC172E-2FBB-1C87-36D5-D87C3FF393D3}" = CCC Help French
"{1902A37F-C3F4-4984-AD67-81309B3B2E64}" = Diskeeper Home Edition
"{1962E9F3-7870-DA54-3A18-2669DF9DE216}" = ccc-utility
"{1C01FF9E-2267-4100-AD37-9162D698D160}" = Cantor 2010.2 Prerequisites
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D9B22F5-D40C-38FA-46E4-11D8E0F0CB95}" = CCC Help Polish
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21082652-1361-FA14-14C2-6048A6B30209}" = CCC Help Chinese Standard
"{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}" = Intel Audio Studio 2.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22CFB202-3D2D-44E2-BB7C-6F703B99919B}" = pdfforge Toolbar v4.7
"{240D4AC7-F7BC-4B51-898E-E4CB86485ECE}" = Intel Audio Studio 2.0
"{24A4214B-819F-D5C8-3EB6-23098FD0E7E4}" = CCC Help Turkish
"{266725C1-716F-43AC-BBFB-4201131ED656}" = EasySetPackage
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{29C699E7-103E-4DB0-BEBC-EEC36F24FDDC}" = UPE2011
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D2B857A-2D9A-62EC-0C8B-143A67D44BAA}" = CCC Help Spanish
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{356B2830-696A-888B-F501-9223ABF478FB}" = CCC Help Czech
"{3DECEA7E-BC27-5B1D-10CE-CB1BBA0DD4CA}" = Catalyst Control Center Graphics Previews Common
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = SQL Server 2008 R2 Database Engine Services
"{41245369-03C6-873A-0E5A-F5296A1213B9}" = CCC Help Hungarian
"{41FADB1B-BCF0-4D97-8A6D-EC7A4A9E021E}" = Cantor Crystal Reports 10 Components
"{45EB96EE-AC25-5797-FAC5-78025043708F}" = Catalyst Control Center
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59CB0414-01D1-D394-5CD7-8A6845F45947}" = CCC Help Italian
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A79D3F9-1EB9-424A-A4EB-721677E56740}" = Install Intel Desktop Utilities
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{66615E72-0F55-4D4F-8320-DF89ABB39A95}" = Cantor Crystal Reports 11.5 Components
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0B6D9B-9C27-095E-33CE-057D2677C80F}" = CCC Help Russian
"{6FFC6CC9-56B4-428C-ADAF-AFEBF896EA22}" = Cantor Crystal Reports 11.5 Components V3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7803FC29-BB90-F52B-13F6-BC480DFB0ACD}" = CCC Help Swedish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ACCB284-D190-411B-B1B9-1DBD4BFDACE1}" = Unilux Partner EDV
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{841AEB60-5A7E-481E-93AD-F456065DE2F1}" = Cantor 2006.1 Prerequisites
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E9D738A-2C30-4574-90FE-E6B4F6065D48}" = Bluesoleil3.2.2.8 Release 070421
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{911FEE13-483C-CABD-B024-993E97A07F18}" = CCC Help Dutch
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986D042E-5211-3D34-0DB0-2FB3FFF00C39}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A057B18B-71F3-7C99-5948-7727EC9C0923}" = CCC Help Portuguese
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACD8576E-C02F-0118-9D06-2E65BCEC3540}" = CCC Help English
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = SQL Server 2008 R2 Database Engine Services
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBEDBF2-0095-A8BD-891E-E3245D388F90}" = CCC Help German
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D158588C-B6A4-636B-2A24-38C15EAD2D5C}" = Catalyst Control Center Localization All
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D638323B-6AEF-4190-ABB4-AF2F4AFE75DB}" = Cantor 2008.2 Prerequisites
"{D67107F9-3DFB-9D54-434B-028CA4F1ADF2}" = AMD Catalyst Install Manager
"{DBBD6080-FB66-FD07-EE8B-7B0D5EA509A9}" = CCC Help Chinese Traditional
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F89FD8CD-FC96-4F75-8376-3C3C292907D5}" = Intel Special Offers
"{FB53C441-9BF0-30F4-6537-F7A3F26058C5}" = CCC Help Norwegian
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FF34CC98-7A5D-FDA1-3EE9-CF628A45EA4F}" = CCC Help Greek
"1&1 EasyLogin" = 1&1 EasyLogin
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"adawaretb" = Ad-Aware Security Toolbar
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.3.9
"ava-sign 4.2.10.1919_is1" = ava-sign 4.2.10.1919 -
"ava-sign 4.2.7.1832_is1" = ava-sign 4.2.7.1832
"Avira AntiVir Desktop" = Avira Free Antivirus
"CadStd" = CadStd
"CCleaner" = CCleaner
"Fotobuchexpress24 - Fotobuch" = Fotobuchexpress24 - Fotobuch
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Active Client Manager 2.0 HECI Driver
"Home Media Server 4.1.4.0067" = Home Media Server 4.1.4.0067
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"Installationsauswahl" = Installationsauswahl
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"Picasa 3" = Picasa 3
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"UPE 2000 5.3" = UPE 2000 5.3
"UPE 2000 5.3 Arbeitsplatz" = UPE 2000 5.3 Arbeitsplatz
"VectorWorks 11" = VectorWorks 11
"ventasoft Demo-Filme_is1" = Lernvideos für Bieter
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"YASA VOB to MP4 Converter v3.9 (build 0059)" = YASA VOB to MP4 Converter v3.9 (build 0059)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.08.2012 11:04:22 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 10.1.3.23, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 10.08.2012 11:05:20 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 10.1.3.23, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 10.08.2012 11:05:38 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 10.1.3.23, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 15.08.2012 11:47:14 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung browser.exe, Version 6.13.150.3, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 15.08.2012 11:48:27 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung browser.exe, Version 6.13.150.3, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 15.08.2012 11:48:29 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung browser.exe, Version 6.13.150.3, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 19.08.2012 11:19:31 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung kernel.exe, Version 2.22.0.18, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 30.08.2012 10:07:38 | Computer Name = MEIER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 10.1.4.38, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ OSession Events ]
Error - 13.04.2010 05:40:40 | Computer Name = MEIER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1160
seconds with 1080 seconds of active time. This session ended with a crash.
Error - 01.04.2011 10:57:31 | Computer Name = MEIER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 904
seconds with 780 seconds of active time. This session ended with a crash.
Error - 14.01.2012 14:20:59 | Computer Name = MEIER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1726
seconds with 240 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 30.08.2012 11:13:33 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
Error - 30.08.2012 11:13:37 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
Error - 30.08.2012 11:13:41 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
Error - 30.08.2012 11:13:45 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
Error - 30.08.2012 11:13:49 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
Error - 30.08.2012 11:13:53 | Computer Name = MEIER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\D.
Error - 30.08.2012 13:34:56 | Computer Name = MEIER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "vToolbarUpdater11.2.0" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 30.08.2012 13:35:07 | Computer Name = MEIER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Lbd SBRE
Error - 30.08.2012 13:40:12 | Computer Name = MEIER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "vToolbarUpdater11.2.0" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 30.08.2012 13:40:23 | Computer Name = MEIER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Lbd SBRE
< End of report >
|
|
01.09.2012, 03:16
| #2 |
| /// Helfer-Team  | Bundespolizei Trojaner mit TR/Vcaredix.A.5 und TR/Crypt.XPACK.GEN Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
MOD - C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\swmrxcaeon.exe ()
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
DRV - (WDICA) -- File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREdrv.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-1078081533-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1644491937-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [vProt] "C:\Programme\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-1644491937-1078081533-839522115-1003..\Run: [] C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\swmrxcaeon.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.30 20:12:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2012.08.23 16:12:27 | 005,946,616 | ---- | C] (1&1 Internet AG) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\EasyLogin_setup_DE.exe
[2012.08.31 06:52:44 | 010,828,567 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\vlc-0.8.6d-win32.exe
:Files
C:\Users\Besitzer\AppData\Local\{*}
C:\ProgramData\*.exe
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\*.exe
C:\ProgramData\TEMP
C:\Users\Besitzer\AppData\Local\Temp\*.exe
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
4. Schritt
__________________ |
|
01.09.2012, 10:30
| #3 |
| | Bundespolizei Trojaner mit TR/Vcaredix.A.5 und TR/Crypt.XPACK.GEN Hallo,
__________________und schonmal DANKE vorab!  Anbei die gewünschten logs: Code:
ATTFilter All processes killed
========== OTL ==========
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll File not found not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service USBAAPL stopped successfully!
Service USBAAPL deleted successfully!
File System32\Drivers\usbaapl.sys File not found not found.
Service SBRE stopped successfully!
Service SBRE deleted successfully!
File C:\WINDOWS\system32\drivers\SBREdrv.sys File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service Lbd stopped successfully!
Service Lbd deleted successfully!
File system32\DRIVERS\Lbd.sys File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-1644491937-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-1644491937-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.param.yahoo-fr
Prefs.js: "" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1644491937-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
File C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\swmrxcaeon.exe not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Desktop\EasyLogin_setup_DE.exe moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\vlc-0.8.6d-win32.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\Besitzer\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\EasyLogin_setup_DE.exe moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\jre-7u7-windows-i586-iftw.exe moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\mrsaoxnecw.exe moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\rmxwonaesc.exe moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\wusetup.exE moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\xsrwoanecm.exe moved successfully.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Besitzer\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File/Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Besitzer\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Besitzer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Besitzer
->Temp folder emptied: 152998230 bytes
->Temporary Internet Files folder emptied: 10178005 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91509215 bytes
->Google Chrome cache emptied: 6315092 bytes
->Flash cache emptied: 982 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 726003 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3568342 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 253,00 mb
OTL by OldTimer - Version 3.2.59.1 log created on 09012012_081725
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_688.dat not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.01.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Besitzer :: MEIER [Administrator] 01.09.2012 08:26:57 mbam-log-2012-09-01 (11-15-37).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 412997 Laufzeit: 2 Stunde(n), 45 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\_OTL\MovedFiles\09012012_081725\C_Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\mrsaoxnecw.exe (Trojan.Agent.MRGGen) -> Keine Aktion durchgeführt. C:\_OTL\MovedFiles\09012012_081725\C_Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\rmxwonaesc.exe (Spyware.Password) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter # AdwCleaner v2.000 - Datei am 09/01/2012 um 11:22:41 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Besitzer - MEIER
# Normaler Modus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Besitzer\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
Gefunden : vToolbarUpdater11.2.0
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{638482BC-3092-42DC-AEA1-735264911A77}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [7617 octets] - [18/07/2012 07:05:50]
AdwCleaner[S1].txt - [7913 octets] - [18/07/2012 15:10:28]
AdwCleaner[R2].txt - [926 octets] - [01/09/2012 11:22:41]
########## EOF - C:\AdwCleaner[R2].txt - [985 octets] ##########
Code:
ATTFilter # AdwCleaner v2.000 - Datei am 09/01/2012 um 11:23:30 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Besitzer - MEIER
# Normaler Modus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Besitzer\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : vToolbarUpdater11.2.0
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{638482BC-3092-42DC-AEA1-735264911A77}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
*************************
AdwCleaner[R1].txt - [7617 octets] - [18/07/2012 07:05:50]
AdwCleaner[S1].txt - [7913 octets] - [18/07/2012 15:10:28]
AdwCleaner[R2].txt - [1053 octets] - [01/09/2012 11:22:41]
AdwCleaner[S2].txt - [1442 octets] - [01/09/2012 11:23:30]
########## EOF - C:\AdwCleaner[S2].txt - [1502 octets] ##########
|
|
02.09.2012, 05:58
| #4 |
| /// Helfer-Team | Bundespolizei Trojaner mit TR/Vcaredix.A.5 und TR/Crypt.XPACK.GEN Sehr gut!  Wie laeuft der Rechner? Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
03.09.2012, 13:33
| #5 |
| | Bundespolizei Trojaner mit TR/Vcaredix.A.5 und TR/Crypt.XPACK.GEN Hallo, naja Rechner läuft normal, aber während des Scans schlug Avira an und meldete TR/Trash-Gen. Emisisoft log Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 03.09.2012 06:58:01
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, E:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 03.09.2012 07:06:27
C:\System Volume Information\_restore{09B6A9D9-D5C9-4C38-9F74-23241906A064}\RP1824\A0211227.lnk gefunden: Trojan.LNK.Reveton!E2
C:\System Volume Information\_restore{09B6A9D9-D5C9-4C38-9F74-23241906A064}\RP1820\A0209842.exe gefunden: SoftwareBundler.Win32.KaZaA!E2
C:\Dokumente und Einstellungen\Besitzer\Desktop\Sicherung\Programme\MediaLoads\v1\ML.exe gefunden: AdWare.Win32.MediaLoads!E2
C:\Dokumente und Einstellungen\Besitzer\Desktop\Sicherung\Dokumente und Einstellungen\Klaus\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\GDE3OHYB\0518[1].htm gefunden: AdWare.JS.CountXES!E2
Gescannt 772956
Gefunden 4
Scan Ende: 03.09.2012 14:24:49
Scan Zeit: 7:18:22
C:\Dokumente und Einstellungen\Besitzer\Desktop\Sicherung\Dokumente und Einstellungen\Klaus\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\GDE3OHYB\0518[1].htm Quarantäne AdWare.JS.CountXES!E2
C:\Dokumente und Einstellungen\Besitzer\Desktop\Sicherung\Programme\MediaLoads\v1\ML.exe Quarantäne AdWare.Win32.MediaLoads!E2
C:\System Volume Information\_restore{09B6A9D9-D5C9-4C38-9F74-23241906A064}\RP1820\A0209842.exe Quarantäne SoftwareBundler.Win32.KaZaA!E2
C:\System Volume Information\_restore{09B6A9D9-D5C9-4C38-9F74-23241906A064}\RP1824\A0211227.lnk Quarantäne Trojan.LNK.Reveton!E2
Quarantäne 4
|
|
04.09.2012, 15:48
| #6 |
| /// Helfer-Team | Bundespolizei Trojaner mit TR/Vcaredix.A.5 und TR/Crypt.XPACK.GEN Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
__________________ --> Bundespolizei Trojaner mit TR/Vcaredix.A.5 und TR/Crypt.XPACK.GEN |
|
04.09.2012, 20:02
| #7 |
| | Bundespolizei Trojaner mit TR/Vcaredix.A.5 und TR/Crypt.XPACK.GEN Ok, hier das logfile Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d9438a796e00474ca529ae0aadb24d4c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-04 06:41:39
# local_time=2012-09-04 08:41:39 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 7099653 7099653 0 0
# compatibility_mode=8192 67108863 100 0 169 169 0 0
# scanned=274808
# found=0
# cleaned=0
# scan_time=10386
|
|
04.09.2012, 20:34
| #8 |
| /// Helfer-Team | Bundespolizei Trojaner mit TR/Vcaredix.A.5 und TR/Crypt.XPACK.GEN Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
|
04.09.2012, 20:40
| #9 | |
| | Bundespolizei Trojaner mit TR/Vcaredix.A.5 und TR/Crypt.XPACK.GEN Mein Java ist aktuell! Also, mein Java war aktuell, so hab ich es nicht aktualisiert! Danach die alten Java-Versionen deinstalliert, dann Neustart! Nach dem Neustart wie beschrieben auf auf Einstellungen --- Dateien löschen, konnte keinen Haken bei : Anwendungen und Applets und Verfolgungs- und Protokolldateien setzen da inaktiv! Dann Java eingestellte, siehe Plugin-Check: Internet Explorer 7.0 ist veraltet! Flash 11,3,300,271 ist veraltet! Aktualisieren Sie bitte auf die neueste Version! Java (1,7,0,7) ist aktuell. Adobe Reader 10,1,0,0 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 10,1,3 ups.. dann Java komplett deinstalliert und den Plugin-Check gemacht: Zitat:
|
|
05.09.2012, 13:38
| #10 |
| /// Helfer-Team | Bundespolizei Trojaner mit TR/Vcaredix.A.5 und TR/Crypt.XPACK.GEN Sehr gut! damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html PC wird immer langsamer - was tun? |
|
05.09.2012, 15:57
| #11 |
| | Bundespolizei Trojaner mit TR/Vcaredix.A.5 und TR/Crypt.XPACK.GEN Ok, nochmals vielen Dank!  Was passiert eigentlich mit Java...das ist ja weg !? Soll das dauerhaft deinstalliert bleiben solange ich den IE nutze? CCleaner hat einen Fehler in der Registry gefunden der immer wieder kommt und sich nicht beheben lässt! Gruß Hans |
|
06.09.2012, 02:18
| #12 | |
| /// Helfer-Team | Bundespolizei Trojaner mit TR/Vcaredix.A.5 und TR/Crypt.XPACK.GEN Lasse Java weg, wenn du es sowieso nicht brauchst. Zitat:
|
|
| Themen zu Bundespolizei Trojaner mit TR/Vcaredix.A.5 und TR/Crypt.XPACK.GEN |
| ad-aware, antivir, antivirus, any video converter, avg, avg secure search, avira, bho, bingbar, bonjour, browser, browser.exe, converter, excel, firefox, flash player, focus, format, google earth, home, homepage, logfile, object, office 2007, pdfforge toolbar, plug-in, registry, safer networking, scan, secure search, security, software, super, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojan.agent.mrggen, trojaner, udp, vtoolbarupdater, windows, windows internet |
Linear-Darstellung
