Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows Blockade 50 € abzocke! (https://www.trojaner-board.de/109604-windows-blockade-50-abzocke.html)

posta 11.02.2012 04:02
Windows Blockade 50 € abzocke!
 
Hallo,

ihr kennt ja das Porblem mit der abzocke hoffe ihr könnt mir da weiter helfen.
Schon Vielen Dank im voraus!

Anbei die OTL.txt und die Datein im Anhang:







OTL Logfile:
Code:
OTL logfile created on: 11.02.2012 03:07:30 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\joker\Desktop
 Ultimate Edition  (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,55 Mb Total Physical Memory | 504,78 Mb Available Physical Memory | 49,32% Memory free
2,00 Gb Paging File | 1,37 Gb Available in Paging File | 68,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372,60 Gb Total Space | 341,05 Gb Free Space | 91,53% Space Free | Partition Type: NTFS
Drive D: | 15,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JOKER-PC | User Name: joker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.11 03:01:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\joker\Desktop\OTL.exe
PRC - [2011.12.15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 18:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011.10.05 20:18:50 | 001,051,760 | ---- | M] (Badoo) -- C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
PRC - [2010.07.05 12:49:06 | 001,167,296 | ---- | M] (Simply Super Software) -- C:\Program Files\Trojan Remover\Trjscan.exe
PRC - [2009.04.22 06:19:35 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.04.22 06:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.22 06:19:02 | 000,131,072 | ---- | M] () -- C:\Users\joker\AppData\Roaming\Microsoft\torrent.exe
PRC - [2009.04.22 06:18:52 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2005.10.22 23:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.04.22 06:19:02 | 000,131,072 | ---- | M] () -- C:\Users\joker\AppData\Roaming\Microsoft\torrent.exe
MOD - [2007.01.16 08:49:22 | 000,065,536 | ---- | M] () -- C:\Windows\system\VMix.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.04.22 06:21:49 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.04.22 06:21:40 | 001,004,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.04.22 06:20:52 | 000,680,448 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.01.04 15:28:36 | 000,016,128 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.07 18:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.12.07 18:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.10.12 14:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.04.22 06:23:55 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.04.22 06:23:47 | 000,040,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.04.22 06:23:44 | 000,028,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.04.22 04:26:30 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.04.22 04:26:29 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.03.20 16:23:16 | 007,678,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.03.01 04:44:46 | 001,412,928 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2005.05.09 19:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 00 30 12 2B 4E CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
 
 
O1 HOSTS File: ([2009.03.20 16:31:18 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [{9584D965-BA1A-11E0-B323-806E6F6E6963}] C:\Users\joker\AppData\Roaming\Microsoft\torrent.exe ()
O4 - HKCU..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe (Badoo)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\joker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70A1EEA9-AC54-4711-90DC-80237ECA083F}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C586351E-3356-44C1-AD67-44FCF8BF3249}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.20 16:42:25 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.03.11 01:26:10 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0379d9ca-ba1d-11e0-bd01-0016e65f3da8}\Shell - "" = AutoRun
O33 - MountPoints2\{0379d9ca-ba1d-11e0-bd01-0016e65f3da8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0379d9ea-ba1d-11e0-bd01-0016e65f3da8}\Shell - "" = AutoRun
O33 - MountPoints2\{0379d9ea-ba1d-11e0-bd01-0016e65f3da8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3048347d-e7b5-11e0-a756-0016e65f3da8}\Shell - "" = AutoRun
O33 - MountPoints2\{3048347d-e7b5-11e0-a756-0016e65f3da8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{79055ebf-d113-11e0-b4f8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{79055ebf-d113-11e0-b4f8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{79055ef3-d113-11e0-b4f8-0016e65f3da8}\Shell - "" = AutoRun
O33 - MountPoints2\{79055ef3-d113-11e0-b4f8-0016e65f3da8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{79055f0b-d113-11e0-b4f8-0016e65f3da8}\Shell - "" = AutoRun
O33 - MountPoints2\{79055f0b-d113-11e0-b4f8-0016e65f3da8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.11 03:00:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\joker\Desktop\OTL.exe
[2012.02.11 02:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.02.11 02:29:07 | 000,000,000 | ---D | C] -- C:\Users\joker\Documents\Simply Super Software
[2012.02.11 02:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.02.11 02:28:54 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2012.02.11 02:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.02.11 02:28:51 | 000,000,000 | ---D | C] -- C:\Users\joker\AppData\Roaming\Simply Super Software
[2012.02.11 02:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.02.11 02:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.02.11 02:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.02.11 01:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.02.11 01:24:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.02.11 01:24:35 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.02.11 01:24:35 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.02.11 01:09:15 | 094,729,688 | ---- | C] (deltra Business Software GmbH & Co KG                      ) -- C:\Users\joker\Desktop\orgaMAXSetup.exe
[2012.02.11 00:16:56 | 000,000,000 | ---D | C] -- C:\Users\joker\AppData\Roaming\Avira
[2012.02.11 00:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.11 00:11:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.11 00:11:05 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.11 00:11:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.02.11 00:11:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.11 00:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.11 00:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.02.04 08:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.02.04 08:48:03 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012.02.04 08:48:03 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012.02.04 08:47:02 | 000,000,000 | ---D | C] -- C:\Users\joker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2012.02.04 08:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2012.02.04 08:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012.02.04 08:46:48 | 000,000,000 | ---D | C] -- C:\Users\joker\AppData\Roaming\Winamp
[2012.02.04 08:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012.02.04 08:44:46 | 012,869,448 | ---- | C] (Nullsoft, Inc.) -- C:\Users\joker\Desktop\winamp5623_full_emusic-7plus_de-de.exe
[2012.01.14 20:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\GMX Toolbar
[2012.01.14 20:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2012.01.14 20:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\1und1Softwareaktualisierung
[2012.01.14 20:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons
[2012.01.14 20:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\1und1InternetExplorerAddon
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.11 03:06:23 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.11 03:06:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.11 03:05:57 | 804,954,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.11 03:01:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\joker\Desktop\OTL.exe
[2012.02.11 02:55:01 | 000,643,640 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.11 02:55:01 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.11 02:55:01 | 000,126,146 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.11 02:55:01 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.11 02:39:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.11 02:30:15 | 000,008,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.11 02:30:15 | 000,008,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.11 02:28:58 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.02.11 02:05:51 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.02.11 01:09:22 | 094,729,688 | ---- | M] (deltra Business Software GmbH & Co KG                      ) -- C:\Users\joker\Desktop\orgaMAXSetup.exe
[2012.02.11 00:11:25 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.11 00:09:03 | 087,262,320 | ---- | M] () -- C:\Users\joker\Desktop\avira_free_antivirus1200872_de.exe
[2012.02.04 08:48:05 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.02.04 08:44:59 | 012,869,448 | ---- | M] (Nullsoft, Inc.) -- C:\Users\joker\Desktop\winamp5623_full_emusic-7plus_de-de.exe
[2012.01.22 04:19:09 | 000,405,654 | ---- | M] () -- C:\Users\joker\Desktop\untitled.bmp
[2012.01.14 20:03:06 | 000,001,940 | ---- | M] () -- C:\Users\joker\Desktop\Amazon.lnk
[2012.01.14 19:35:12 | 000,047,467 | ---- | M] () -- C:\Users\joker\Desktop\394907_3068612756915_1311462726_33337730_58111589_n.jpg
[2012.01.14 19:34:39 | 000,017,954 | ---- | M] () -- C:\Users\joker\Desktop\385164_2828100094938_1032136971_2990051_1031488930_n.jpg
[2012.01.14 19:19:34 | 000,050,947 | ---- | M] () -- C:\Users\joker\Desktop\395709_2828148096138_1032136971_2990122_686969887_n.jpg
[2012.01.14 16:50:22 | 000,054,612 | ---- | M] () -- C:\Users\joker\Desktop\388425_3068612156900_1311462726_33337729_579720819_n.jpg
 
========== Files Created - No Company Name ==========
 
[2012.02.11 02:28:58 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.02.11 02:28:54 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.02.11 02:28:54 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.02.11 02:28:54 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.02.11 02:28:54 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.02.11 02:05:51 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.02.11 00:11:25 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.11 00:09:00 | 087,262,320 | ---- | C] () -- C:\Users\joker\Desktop\avira_free_antivirus1200872_de.exe
[2012.02.04 08:48:05 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.01.22 04:19:08 | 000,405,654 | ---- | C] () -- C:\Users\joker\Desktop\untitled.bmp
[2012.01.14 20:03:06 | 000,001,954 | ---- | C] () -- C:\Users\joker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GMX.lnk
[2012.01.14 20:03:06 | 000,001,940 | ---- | C] () -- C:\Users\joker\Desktop\Amazon.lnk
[2012.01.14 19:38:56 | 000,017,954 | ---- | C] () -- C:\Users\joker\Desktop\385164_2828100094938_1032136971_2990051_1031488930_n.jpg
[2012.01.14 19:37:48 | 000,047,467 | ---- | C] () -- C:\Users\joker\Desktop\394907_3068612756915_1311462726_33337730_58111589_n.jpg
[2012.01.14 19:32:45 | 000,054,612 | ---- | C] () -- C:\Users\joker\Desktop\388425_3068612156900_1311462726_33337729_579720819_n.jpg
[2012.01.14 19:32:09 | 000,050,947 | ---- | C] () -- C:\Users\joker\Desktop\395709_2828148096138_1032136971_2990122_686969887_n.jpg
[2011.07.30 14:29:43 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.29 20:56:51 | 000,000,084 | R--- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2011.07.29 20:56:11 | 000,241,664 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.exe
[2011.07.29 20:56:11 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.dll
[2009.04.22 11:41:15 | 000,643,640 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.04.22 11:41:15 | 000,295,938 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.04.22 11:41:15 | 000,126,146 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.04.22 11:41:15 | 000,038,062 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.04.22 10:02:06 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.04.22 09:08:31 | 000,356,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.04.22 06:59:24 | 000,606,992 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.04.22 06:59:24 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.04.22 06:59:24 | 000,103,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.04.22 06:59:24 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.04.22 06:58:42 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.04.22 06:57:51 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.04.22 05:20:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.04.22 04:53:35 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.04.22 04:50:07 | 000,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.04.22 04:40:32 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.03.20 16:26:09 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.07.29 23:29:25 | 000,000,000 | ---D | M] -- C:\Users\joker\AppData\Roaming\DVDVideoSoft
[2011.07.29 21:11:23 | 000,000,000 | ---D | M] -- C:\Users\joker\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.11 17:40:41 | 000,000,000 | ---D | M] -- C:\Users\joker\AppData\Roaming\elsterformular
[2011.11.30 19:03:49 | 000,000,000 | ---D | M] -- C:\Users\joker\AppData\Roaming\gtk-2.0
[2012.02.11 02:28:51 | 000,000,000 | ---D | M] -- C:\Users\joker\AppData\Roaming\Simply Super Software
[2011.08.03 17:01:29 | 000,000,000 | ---D | M] -- C:\Users\joker\AppData\Roaming\Steinberg
[2012.02.11 01:15:18 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

markusg 11.02.2012 11:08
hi


dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [{9584D965-BA1A-11E0-B323-806E6F6E6963}] C:\Users\joker\AppData\Roaming\Microsoft\torrent.exe ()
 :Files
C:\Users\joker\AppData\Roaming\Microsoft\torrent.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

posta 11.02.2012 13:54
gut, scheint zu klappen! vielen dank für deine hilfe!

markusg 11.02.2012 16:02
wer sagte wir währen fertig?
der upload fehlt und danach gehts noch weiter...


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:01 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131