Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   FakeAlert der Bundespolizei, kein Zugriff auf Desktopicons und Taskleiste (https://www.trojaner-board.de/111628-fakealert-bundespolizei-kein-zugriff-desktopicons-taskleiste.html)

pelobacter 16.03.2012 00:31
FakeAlert der Bundespolizei, kein Zugriff auf Desktopicons und Taskleiste
 
Liebe Forenmitglieder,

ich habe ein Problem mit Malware, die hier im Forum schon oft diskutiert wurde. Zunächst hatte ich eine Fakealert-Meldung (Bundespolizei, 100€ per Ucash etc.). Avira, mein Antivirenproblem blieb inaktiv, fand aber bei einer Systemprüfung einige Malwaredateien. Ich dachte, dass Avira diese Viren beseitigen würde, was aber offensichtlich nicht klappt. Jetzt habe ich keinen Zugriff auf Desktop-Icons. Minimierte Fenster sind nicht in der Taskleiste zu sehen. Die Sprachwahl (DE) ist nicht mehr an die Taskleiste gebunden. Die Takleiste hat die Farbe gewechselt. Das Startmenü funktioniert zwar, aber es werden die letztgewählten Programme nicht mehr angezeigt.

Wie vielfach empfohlen, habe ich OTL.exe laufen lassen und bekam folgende Logs:

Code:
OTL logfile created on: 15.03.2012 23:55:57 - Run 1
OTL by OldTimer - Version 3.2.37.1    Folder = C:\Users\Alex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,85% Memory free
6,16 Gb Paging File | 4,76 Gb Available in Paging File | 77,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 52,41 Gb Free Space | 36,88% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 123,54 Gb Free Space | 86,39% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-NOTEBOOK | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.15 23:39:37 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2012.02.23 21:09:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.12.16 12:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files\pdf24\pdf24.exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.10.18 14:37:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.08.19 11:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 11:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.04.11 07:28:11 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.20 02:31:32 | 000,742,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.02.16 07:41:22 | 000,692,224 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.12.10 08:07:52 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.08.26 01:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.01.30 10:07:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\ykx32mpcoinst.dll -- (yksvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.02.15 20:54:58 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.12 17:25:28 | 004,386,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.11.04 05:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.03.21 04:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.14 01:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101067&mntrId=04d1f8e000000000000000265e378611
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {9A1AAB62-4BF1-4425-BE13-70A53E570F4C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101067&mntrId=04d1f8e000000000000000265e378611
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9A1AAB62-4BF1-4425-BE13-70A53E570F4C}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.wolframalpha.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.23 21:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.17 21:27:59 | 000,000,000 | ---D | M]
 
[2009.08.21 10:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2012.02.07 21:11:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\73la0nvd.default\extensions
[2010.05.02 13:19:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\73la0nvd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.09 21:39:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.08.15 14:50:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.02.23 21:09:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 22:11:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.06 21:08:50 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.02.15 22:11:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.15 22:11:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.15 22:11:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.15 22:11:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 22:11:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Alex\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Alex\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL ()
O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Media Finder] "C:\Program Files\Media Finder\MF.exe" /opentotray File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O12 - Plugin for: .csm - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .csml - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cub - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cube - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .dx - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .emb - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .embl - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .gau - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .jdx - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mol - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mop - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .pdb - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .rxn - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .scr - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .skc - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .spt - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .tgf - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .xyz - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7941E234-B612-46AC-892C-3641276295DE}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF9E8EA8-18CF-4C5E-8656-4498666D8EFE}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.15 23:39:34 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012.03.14 08:32:26 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.14 08:32:25 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.14 08:32:25 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.03.14 08:32:24 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.03.14 08:32:24 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.03.14 08:32:24 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.03.14 08:32:15 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.03.02 19:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.02.18 18:08:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.18 18:08:23 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.18 18:08:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.18 18:08:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.18 18:08:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.18 18:08:18 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[1 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.15 23:39:37 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012.03.15 23:22:21 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.15 23:22:21 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.15 23:22:20 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.15 23:22:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.15 23:22:09 | 3184,115,712 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.15 07:55:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.03.15 07:11:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.15 03:28:02 | 000,000,680 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2012.03.15 03:20:36 | 000,401,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.14 23:08:04 | 000,000,900 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.005053004728802435h7i.exe.lnk
[2012.03.14 23:01:10 | 000,000,898 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.09299577402980308h7i.exe.lnk
[2012.02.27 21:37:26 | 000,465,743 | ---- | M] () -- C:\Users\Alex\Desktop\FLT_P2EKNV992_0.pdf
[2012.02.27 21:25:12 | 000,465,393 | ---- | M] () -- C:\Users\Alex\Desktop\FLT_ZRO1D3992_0.pdf
[2012.02.26 17:28:21 | 003,844,992 | ---- | M] () -- C:\Users\Alex\Desktop\Uni Konstanz und die Rüstungsindustrie.mp3
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.02.20 11:39:03 | 000,685,962 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.20 11:39:03 | 000,642,954 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.20 11:39:03 | 000,150,230 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.20 11:39:03 | 000,121,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.15 20:54:58 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[1 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.14 23:08:04 | 000,000,900 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.005053004728802435h7i.exe.lnk
[2012.03.14 23:01:10 | 000,000,898 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.09299577402980308h7i.exe.lnk
[2012.03.02 19:06:13 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.02 19:06:12 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.27 21:37:26 | 000,465,743 | ---- | C] () -- C:\Users\Alex\Desktop\FLT_P2EKNV992_0.pdf
[2012.02.27 21:25:12 | 000,465,393 | ---- | C] () -- C:\Users\Alex\Desktop\FLT_ZRO1D3992_0.pdf
[2012.02.26 17:28:21 | 003,844,992 | ---- | C] () -- C:\Users\Alex\Desktop\Uni Konstanz und die Rüstungsindustrie.mp3
[2011.06.25 08:49:53 | 000,000,680 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011.04.02 15:31:46 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2011.04.02 15:31:46 | 000,004,155 | ---- | C] () -- C:\Windows\unins000.dat
[2010.05.02 20:45:38 | 000,160,141 | ---- | C] () -- C:\Windows\hpoins14.dat
 
========== LOP Check ==========
 
[2012.02.06 21:08:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Babylon
[2011.01.16 20:38:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dropbox
[2011.04.02 16:29:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FFSJ
[2011.03.06 19:23:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FRITZ!
[2012.02.06 21:10:06 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Media Finder
[2009.11.05 09:54:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2011.09.09 21:38:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Philipp Winterberg
[2011.03.05 22:21:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\UCSB
[2012.03.15 07:55:37 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >


Code:
OTL Extras logfile created on: 15.03.2012 23:55:57 - Run 1
OTL by OldTimer - Version 3.2.37.1    Folder = C:\Users\Alex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,85% Memory free
6,16 Gb Paging File | 4,76 Gb Available in Paging File | 77,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 52,41 Gb Free Space | 36,88% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 123,54 Gb Free Space | 86,39% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-NOTEBOOK | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EEBE49B-82BD-47F5-AF0C-3E5DD690FABA}" = lport=138 | protocol=17 | dir=in | app=system |
"{278C37A3-B383-46E6-B46F-920B274612FD}" = lport=137 | protocol=17 | dir=in | app=system |
"{48BE4F19-5DBB-42F7-9840-13AE6E011701}" = lport=445 | protocol=6 | dir=in | app=system |
"{6CB2137F-2AFB-4646-9DE7-9C5CC66DB423}" = rport=138 | protocol=17 | dir=out | app=system |
"{A65D2D46-45E6-4AB5-9746-E96694661324}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AAB0BD41-4208-483B-9BA6-754582D4FB91}" = rport=445 | protocol=6 | dir=out | app=system |
"{B4D7B22F-EDB2-4E91-BD98-304AC3BBDC41}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DC1F5D32-553D-487E-846E-0A7185272224}" = lport=139 | protocol=6 | dir=in | app=system |
"{F21B14AE-8888-45B6-9216-5BE43EA86D6F}" = rport=137 | protocol=17 | dir=out | app=system |
"{F5247E09-A578-48CA-AE46-6A6E9DBFAE89}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A8F0797-8BC6-465A-B01F-826825B31A76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1DB4ED97-8B8F-448B-805B-8650A48033C0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3BA3B33A-1D6E-44DC-A748-5EBF8CD8DECF}" = protocol=17 | dir=in | app=c:\program files\fritz!\igd_finder.exe |
"{6DCCEC3F-9D0A-482A-A631-1EB59A9F201B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{87DABAAD-0CFA-48DD-AB0D-F34E56CB1A40}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AEE6FC99-84C3-469D-9E60-D97E5AE94654}" = protocol=6 | dir=in | app=c:\program files\fritz!\igd_finder.exe |
"{C291508C-F7BD-498B-834D-6F6FCD15C4E2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C4F6C123-B92B-4DD0-8063-89C997C29770}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{CA2A9253-05A7-4A06-B9AC-5FFA2D39777E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EA1EFA5F-83FD-40DC-99A1-396E4496C5CD}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{31B4239B-18F2-4A52-924F-BA1D93AAF607}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{34BE50F0-BA7A-4750-B653-7ABAE1D843A5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{4F6AE957-47E9-4114-B6F3-3B8669C253DA}C:\users\alex\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"TCP Query User{537C1327-FBC7-4086-B265-756B083FA162}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe |
"TCP Query User{90D379FE-2C95-49E0-9DEB-F1AF9B7B9F3A}C:\users\alex\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"TCP Query User{C0BE8B9B-10A1-4338-9268-013499375FB3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{EF00DD9F-5E65-444A-9F47-29CE7C23BD36}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{07FF1432-A442-4D1E-B174-9DA9A73292DD}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{3B8D445D-D460-42E5-B39F-F6D0D8AA18CD}C:\users\alex\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"UDP Query User{77B4322F-4774-4D6A-A40A-862D7990208D}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{7C013827-2FC6-4D87-A44C-E584F0E5BB2E}C:\users\alex\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"UDP Query User{BD56A0D9-EAD7-4AA7-8870-945BF3B72207}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C81DDCEE-B99D-4438-8EDC-88613ED84364}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe |
"UDP Query User{EB43A9F5-36A5-4789-8CCD-D186931B448D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{027CC103-7CBD-3091-BD05-61C3B39C5F41}" = CCC Help French
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05C866EC-C6E6-B63B-5E93-310048EA28F4}" = ccc-utility
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13C3016D-EDE0-A37F-1F01-DAFB618DA715}" = CCC Help Greek
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{16119AAC-9FE5-8BDC-6DEF-F52576AF1649}" = CCC Help Czech
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{20226F96-074F-CA03-3FDB-48EA38F99A34}" = CCC Help English
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F0B0B99-2AF4-0A85-4E37-F45C48CC0B21}" = CCC Help Swedish
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{312E49B1-3621-C991-7A6F-E3B30CCA9E6B}" = CCC Help Turkish
"{31B1789F-00B9-D898-1578-CE4CD0EF205B}" = CCC Help Chinese Standard
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3B240B92-3596-9F6F-2D1D-2E031D50F5DC}" = CCC Help Danish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46761278-BF32-4008-833B-93487FF0A06E}" = MDL Chime/Chime Pro for Internet Explorer
"{47F081A8-64F6-C280-A694-5637817B8904}" = Catalyst Control Center Graphics Light
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{506CEF40-A02C-D047-3F75-0FB34AFCCEE7}" = CCC Help Hungarian
"{52797A98-AB5F-2715-BAB9-256085988154}" = Catalyst Control Center Graphics Previews Vista
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{581FE9BC-4A4F-85D9-7308-09DCD7817C29}" = ccc-core-static
"{5C4D532E-4EC9-11E1-9544-B8AC6F97B88E}" = Google Earth Plug-in
"{65A5CA1A-16CF-0FE2-2452-ED6D625AD58F}" = Skins
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70E893FF-56BB-8AF3-64E4-54A49F9F896E}" = Catalyst Control Center Graphics Full Existing
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FE0877D-B669-F5E1-1842-0E9676F03A7A}" = Catalyst Control Center Core Implementation
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{836A12E6-3418-593C-DC70-B7E7048C44F2}" = CCC Help Dutch
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94815A13-F1B8-1384-0F0A-A8E4CE6EA62B}" = CCC Help Thai
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A230C543-7D98-D7CF-91EF-280081A0DDD2}" = CCC Help Japanese
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A6BEDC5B-ABF7-FADF-8D0F-0FF1FEF34C87}" = CCC Help Chinese Traditional
"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFB6EECF-0CA4-9C01-C48A-6F0E5BB0FE74}" = Catalyst Control Center Localization All
"{B00EE7D4-8D4C-CE86-D1DF-5B9D026C13F5}" = CCC Help Russian
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD9F153A-E812-B910-EA23-1BFEF07D3352}" = CCC Help Korean
"{BE12D93E-0C6E-7DDD-0838-667326C287A1}" = CCC Help German
"{C0E2DFB6-3D76-8BAD-62DF-47871AF6A5A4}" = CCC Help Polish
"{C343B6AD-A23C-8138-35CE-883DE2DEAFE7}" = CCC Help Finnish
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2777D85-7E63-402F-A5E7-2AF436C1C9D4}" = Intel(R) PROSet/Wireless WiFi Software
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DDF998C0-099C-5D46-9985-5730306330A9}" = CCC Help Spanish
"{DEB8C753-9CB6-1BD1-34BA-4ED9382755E9}" = ATI Catalyst Install Manager
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ED97F2D3-7BCF-E0B4-E8C6-0F6BA058CA95}" = CCC Help Portuguese
"{EEFB5B34-DEF9-0BF4-89A9-AB62320AA44E}" = Catalyst Control Center Graphics Full New
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F5115AA1-78F1-EBBC-4888-A10310FD4A6A}" = CCC Help Italian
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD458F33-C5A9-3E69-425C-129F21B3ADF9}" = CCC Help Norwegian
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FEC19789-7756-17C3-765B-C532E09322D7}" = Catalyst Control Center InstallProxy
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
"Free RAR Extract Frog" = Free RAR Extract Frog
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"MDL ISIS Draw 2.5 Standalone" = MDL ISIS Draw 2.5 Standalone
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"PC-Bibliothek Express" = PC-Bibliothek Express
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"RealAlt_is1" = Real Alternative 1.47
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.0.6 for Windows
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB00982.TBSB00982Toolbar" = Ant.com Toolbar
"VLC media player" = VLC media player 1.0.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OpenOffice.org 1.1.5" = OpenOffice.org 1.1.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.03.2012 09:51:54 | Computer Name = Alex-Notebook | Source = WinMgmt | ID = 10
Description =
 
Error - 04.03.2012 13:31:08 | Computer Name = Alex-Notebook | Source = EventSystem | ID = 4621
Description =
 
Error - 04.03.2012 18:21:39 | Computer Name = Alex-Notebook | Source = WinMgmt | ID = 10
Description =
 
Error - 05.03.2012 14:48:33 | Computer Name = Alex-Notebook | Source = WinMgmt | ID = 10
Description =
 
Error - 05.03.2012 18:29:56 | Computer Name = Alex-Notebook | Source = EventSystem | ID = 4621
Description =
 
Error - 06.03.2012 05:36:35 | Computer Name = Alex-Notebook | Source = WinMgmt | ID = 10
Description =
 
Error - 06.03.2012 06:20:49 | Computer Name = Alex-Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 06.03.2012 16:49:02 | Computer Name = Alex-Notebook | Source = WinMgmt | ID = 10
Description =
 
Error - 07.03.2012 15:25:55 | Computer Name = Alex-Notebook | Source = WinMgmt | ID = 10
Description =
 
Error - 07.03.2012 19:11:54 | Computer Name = Alex-Notebook | Source = EventSystem | ID = 4621
Description =
 
[ System Events ]
Error - 14.03.2012 18:11:24 | Computer Name = Alex-Notebook | Source = Service Control Manager | ID = 7000
Description =
 
Error - 14.03.2012 18:15:38 | Computer Name = Alex-Notebook | Source = Service Control Manager | ID = 7022
Description =
 
Error - 14.03.2012 18:19:24 | Computer Name = Alex-Notebook | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 14.03.2012 22:20:51 | Computer Name = Alex-Notebook | Source = Service Control Manager | ID = 7000
Description =
 
Error - 14.03.2012 22:23:26 | Computer Name = Alex-Notebook | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 15.03.2012 02:21:33 | Computer Name = Alex-Notebook | Source = Service Control Manager | ID = 7000
Description =
 
Error - 15.03.2012 02:22:11 | Computer Name = Alex-Notebook | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 15.03.2012 02:55:29 | Computer Name = Alex-Notebook | Source = DCOM | ID = 10010
Description =
 
Error - 15.03.2012 18:23:55 | Computer Name = Alex-Notebook | Source = Service Control Manager | ID = 7000
Description =
 
Error - 15.03.2012 18:25:43 | Computer Name = Alex-Notebook | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
 
< End of report >

Ich hoffe dieses Hilfegesuch ist an der richtigen Stelle im Forum. Leider verstehe ich nicht viel von Computern und bitte daher mich bei der Beiseitigung zu unterstützen. Vielen Dank im Voraus.

Schönes Wochenende, Alex

cosinus 16.03.2012 18:23
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

pelobacter 17.03.2012 14:44
Hallo Arne!

Vielen Dank für deine Hilfe. Ich habe den Malwarebytes-Vollscan gemacht und es hatte 14 Treffer, die alle entfernt wurden. Zwischendurch hat Malwarebytes einen Angriff verhindert. Dann habe ich nochmals einen Scan gemacht, bei dem nichts gefunden wurde. Nach Entfernung der Malware hat sogar mein Antivir einige Meldungen gehabt. Ich verstehe von diesen Dingen nur wenig aber mir kommt es vor, als hätte vor einiger Zeit Malware mein Antivir behindert, so dass sich umso mehr Malware ansammeln konnte. Ich gebe zu, dass ich mir um so etwas nie groß gekümmert, da nie etwas passiert ist. Kann man daraus also schlussfolgern, dass Antivir nur unzureichenden Schutz bietet ?

Wie dem auch sei, hier sind die Logs von Malwarebytes.

Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.16.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Alex :: ALEX-NOTEBOOK [Administrator]

Schutz: Aktiviert

16.03.2012 22:30:00
mbam-log-2012-03-16 (22-30-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 325052
Laufzeit: 1 Stunde(n), 38 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 2
C:\Users\Alex\AppData\Local\Temp\0.005053004728802435h7i.exe (Trojan.Ransom.BP) -> Löschen bei Neustart.
C:\Users\Alex\AppData\Local\Temp\0.09299577402980308h7i.exe (Trojan.Ransom.BP) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 5
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("C:\Program Files\Internet Explorer\Iexplore.exe" %1) Gut: ("%1" /S) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Alex\AppData\Local\Temp\0.005053004728802435h7i.exe (Trojan.Ransom.BP) -> Löschen bei Neustart.
C:\Users\Alex\AppData\Local\Temp\0.09299577402980308h7i.exe (Trojan.Ransom.BP) -> Löschen bei Neustart.
C:\Users\Alex\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\619c95c2-545e68b3 (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.005053004728802435h7i.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.09299577402980308h7i.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.16.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Alex :: ALEX-NOTEBOOK [Administrator]

Schutz: Aktiviert

17.03.2012 10:15:28
mbam-log-2012-03-17 (10-15-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 324081
Laufzeit: 1 Stunde(n), 18 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Mein Compouter verhält sich soweit ganz normal. Aber ich werde noch dies mit ESET in Angriff nehmen.

Vielen Dank Arne!

cosinus 19.03.2012 14:42
Hast du ESET schon an Angriff genommen?

pelobacter 22.03.2012 22:24
Hallo Arne!

Entschuldige die Verzögerung, aber ich war einige Zeit nicht zu Hause am Computer. Ich habe den ESET-Scan durchgeführt und es gab noch Funde, wobei diese mir eher unverdächtig vorkommen.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0609a28404e09343bbade6fcbc99a564
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-22 09:10:06
# local_time=2012-03-22 10:10:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 10028438 10028438 0 0
# compatibility_mode=5892 16776573 100 100 77855 169974762 0 0
# compatibility_mode=8192 67108863 100 0 3704 3704 0 0
# scanned=153472
# found=10
# cleaned=0
# scan_time=8571
C:\$Recycle.Bin\S-1-5-21-2557933318-333123149-1751562714-1000\$RA8RS4V.exe        a variant of Win32/Adware.MediaFinder.B application (unable to clean)        00000000000000000000000000000000        I
C:\$Recycle.Bin\S-1-5-21-2557933318-333123149-1751562714-1000\$RB95ZFA.exe        a variant of Win32/Adware.MediaFinder.B application (unable to clean)        00000000000000000000000000000000        I
C:\$Recycle.Bin\S-1-5-21-2557933318-333123149-1751562714-1000\$RE3JJXC.exe        a variant of Win32/Adware.MediaFinder.B application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Alex\AppData\Local\Babylon\Setup\Setup.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Alex\AppData\Local\Temp\5919A90C-BAB0-7891-8004-0482648F6F2E\MyBabylonTB.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Alex\AppData\Local\Temp\5919A90C-BAB0-7891-8004-0482648F6F2E\Setup.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Alex\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Alex\AppData\Local\Temp\is-GONBF.tmp\Babylon.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\40f44a3c-57f698bc        a variant of Java/TrojanDownloader.Agent.NDR trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Alex\Desktop\Documents\Grüne\Formatierung\Nero German-Dvt\Nero.Premium.Edition.v7.10.1.0.German-DVT\Nero-7.10.1.0_deu_trial.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I

Ich hoffe das Log ist aussagekräftig. Danke für deine Unterstützung.

Beste Grüße,
Alex

cosinus 23.03.2012 21:15
Zitat:
C:\Users\Alex\Desktop\Documents\Grüne\Formatierung\Nero German-Dvt\Nero.Premium.Edition.v7.10.1.0.German-DVT\
Aus welcher Quelle stammt das? :balla:

pelobacter 24.03.2012 15:41
Hi Arne!

Das ist wohl ein Programm zum CD-brennen, das ich vor Jahren heruntergeladen habe - möglicherweise aus nicht-vertrauenswürdiger Quelle (Goldesel ?) . Der Ordner 'Formatierung' enthält etliche .exe-Dateine zur eventuellen Neuinstallation. Das ist aber längst überholt, daher habe ich den ganze Ordner gelöscht. Das Programm war nicht installiert auf diesem Laptop und stammte von 2009. Sollte dies das Einfallstor gewesen sein ?

cosinus 24.03.2012 18:52
Zitat:
Sollte dies das Einfallstor gewesen sein ?
Ja. Quelle: Goldesel, pass auch zum Ordnernamen :pfui:

Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials

pelobacter 25.03.2012 14:59
Hi Arne!

Vielen Dank für deinen Hinweis und für die Hilfe.

Beste Grüße
Alex


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:35 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131