Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windowslizenz abgelaufen Malware eingefangen und keine Ahnung was wie zu tun ist (https://www.trojaner-board.de/115113-windowslizenz-abgelaufen-malware-eingefangen-keine-ahnung-tun.html)

Nadesha 14.05.2012 12:13
Windowslizenz abgelaufen Malware eingefangen und keine Ahnung was wie zu tun ist
 
Hallo zusammen,

auch mich hat es erwischt. Mein Netbook zeigt an meine Windows Lizenz wäre abgelaufen. Leider bin ich nicht der Vollprofi, was sowas angeht, weshalb ich mich an euch wende.

Ich habe bereits einige der hier schon erstellten Themen zu diesem Problem gelesen, aber so ganz sicher bin ich mir leider noch nicht.
Nennt mich doof, aber mein Netbook hat ja leider kein Laufwerk, also wäre es wirklich herzallerliebst, wenn mir jemand weiterhelfen könnte wie ich jetzt genau vorgehe.

Lieben Dank schon mal

Nadesha

Chris4You 14.05.2012 12:40
Hi,

OTL
Boote in den abgesicherten Modus mit Netzwerkunterstützung (F8 beim Booten).
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop.
  • Doppelklick auf die OTL.exe
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

chris

Nadesha 14.05.2012 12:45
Herzlichen Dank schon mal. Be jetzt leider zu viel zu tun, werde es heute Abend zu Hause aber sofort machen und dann hier Posten.

Nadesha 18.05.2012 20:08
So, endlich Zeit gehabt.

odt.txt:


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,37 Gb Total Space | 48,91 Gb Free Space | 58,66% Space Free | Partition Type: NTFS
Drive D: | 55,58 Gb Total Space | 24,96 Gb Free Space | 44,90% Space Free | Partition Type: NTFS
Drive W: | 10,00 Gb Total Space | 3,36 Gb Free Space | 33,58% Space Free | Partition Type: NTFS

Computer Name: DEFAULT-MSI | User Name: Default | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Default.Default-msi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Default.Default-msi\AppData\Local\Google\Chrome\Application\11.0.696.71\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Default.Default-msi\AppData\Local\Google\Chrome\Application\11.0.696.71\pdf.dll ()
MOD - C:\Users\Default.Default-msi\AppData\Local\Google\Chrome\Application\11.0.696.71\avutil-50.dll ()
MOD - C:\Users\Default.Default-msi\AppData\Local\Google\Chrome\Application\11.0.696.71\avformat-52.dll ()
MOD - C:\Users\Default.Default-msi\AppData\Local\Google\Chrome\Application\11.0.696.71\avcodec-52.dll ()
MOD - C:\Program Files\WinRAR 3.61 Multi\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)


========== Driver Services (SafeList) ==========

DRV - (BTMUSB) -- System32\Drivers\btmusb.sys File not found
DRV - (btmhid) -- C:\Windows\system32\DRIVERS\btmhid.sys File not found
DRV - (BTMCOM) -- C:\Windows\System32\Drivers\btmcom.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {BEDC96F8-549A-4EC2-8FAA-6B807CAC9F94}
IE - HKLM\..\SearchScopes\{BEDC96F8-549A-4EC2-8FAA-6B807CAC9F94}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {BEDC96F8-549A-4EC2-8FAA-6B807CAC9F94}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "chrome://fastdial/content/fastdial.html"
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:3.4
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.3
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: DivXWebPlayer@divx.com:2.0.2.039
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..network.proxy.http: "62.141.42.210"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.05 16:10:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.10 16:09:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.22 15:06:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.16 09:36:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.18 13:28:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.04.16 09:36:10 | 000,000,000 | ---D | M]

[2011.01.31 13:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-msi\AppData\Roaming\mozilla\Extensions
[2011.01.31 13:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-msi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.26 13:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Default.Default-msi\AppData\Roaming\mozilla\Firefox\Profiles\68d6l99u.default\extensions
[2011.03.25 09:14:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Default.Default-msi\AppData\Roaming\mozilla\Firefox\Profiles\68d6l99u.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.03 08:57:25 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\Default.Default-msi\AppData\Roaming\mozilla\Firefox\Profiles\68d6l99u.default\extensions\fastdial@telega.phpnet.us
[2011.05.26 13:03:32 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Default.Default-msi\AppData\Roaming\mozilla\Firefox\Profiles\68d6l99u.default\extensions\twitternotifier@naan.net
[2011.05.21 14:00:45 | 000,000,950 | ---- | M] () -- C:\Users\Default.Default-msi\AppData\Roaming\Mozilla\Firefox\Profiles\68d6l99u.default\searchplugins\icqplugin-1.xml
[2011.03.23 16:31:43 | 000,000,950 | ---- | M] () -- C:\Users\Default.Default-msi\AppData\Roaming\Mozilla\Firefox\Profiles\68d6l99u.default\searchplugins\icqplugin-2.xml
[2011.05.04 19:57:41 | 000,000,950 | ---- | M] () -- C:\Users\Default.Default-msi\AppData\Roaming\Mozilla\Firefox\Profiles\68d6l99u.default\searchplugins\icqplugin-3.xml
[2011.02.20 12:21:20 | 000,000,168 | ---- | M] () -- C:\Users\Default.Default-msi\AppData\Roaming\Mozilla\Firefox\Profiles\68d6l99u.default\searchplugins\icqplugin.gif
[2011.02.20 12:21:20 | 000,000,618 | ---- | M] () -- C:\Users\Default.Default-msi\AppData\Roaming\Mozilla\Firefox\Profiles\68d6l99u.default\searchplugins\icqplugin.src
[2011.03.21 19:39:12 | 000,001,056 | ---- | M] () -- C:\Users\Default.Default-msi\AppData\Roaming\Mozilla\Firefox\Profiles\68d6l99u.default\searchplugins\icqplugin.xml
[2012.03.12 15:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.03.09 14:39:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.08 08:03:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.03.12 15:30:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.01.05 16:10:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.05.10 16:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.05.04 19:54:45 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.12 15:30:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.23 16:30:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.23 16:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.03.23 16:30:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.23 16:30:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.23 16:30:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.23 16:30:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Default.Default-msi\AppData\Local\Google\Chrome\Application\11.0.696.71\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Default.Default-msi\AppData\Local\Google\Chrome\Application\11.0.696.71\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Users\Default.Default-msi\AppData\Local\Google\Chrome\Application\11.0.696.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Default.Default-msi\AppData\Local\Google\Chrome\Application\11.0.696.71\gears.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Stitches = C:\Users\Default.Default-msi\AppData\Local\Google\Chrome\User Data\Default\Extensions\annpjgednbdhheijbefcpeaipapajkof\1.0_0\locked-.ulvp
CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\Default.Default-msi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\locked-.bikb
CHR - Extension: Silver Bird = C:\Users\Default.Default-msi\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.8.8_0\locked-.rbiy
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Default.Default-msi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\locked-.yysr
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Default.Default-msi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.ntjx

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EasyFace Agent] C:\Program Files\msi\EasyFace Logon\KillAutoAP.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [18369B06] C:\Users\Default.Default-msi\AppData\Roaming\Ljqfng\7AAB6A7318369B06B85B.exe (cola coca cia)
O4 - Startup: C:\Users\Default.Default-msi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Default.Default-msi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Default.Default-msi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33463DBC-DEFE-4BEA-96CF-FEB201ABB4DE}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D8CB281-E17E-40E0-A0BC-63C66A409A28}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60A12A0F-D433-40AE-B673-2640605FD840}: DhcpNameServer = 10.111.81.129 10.129.32.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.13 17:09:28 | 000,000,000 | ---D | C] -- C:\8be331615810650bc2edadca
[2012.05.10 16:07:31 | 000,000,000 | ---D | C] -- C:\Users\Default.Default-msi\AppData\Roaming\Ljqfng
[2012.05.10 09:08:16 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

========== Files - Modified Within 30 Days ==========

[2012.05.18 20:28:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.18 20:28:20 | 1601,867,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.18 20:24:23 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.13 17:11:47 | 000,012,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.13 17:11:47 | 000,012,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.13 17:11:25 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.13 17:11:25 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.10 16:10:15 | 000,065,707 | ---- | M] () -- C:\Users\Default.Default-msi\Desktop\Easynotebooks-Rechnung.zip
[2012.05.10 16:09:27 | 000,002,183 | ---- | M] () -- C:\Users\Default.Default-msi\locked-.recently-used.xbel.nfcp
[2012.05.10 16:09:27 | 000,000,170 | ---- | M] () -- C:\Users\Default.Default-msi\locked-.gtk-bookmarks.icyk
[2012.05.10 15:50:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.09 22:26:39 | 002,365,423 | ---- | M] () -- C:\Users\Default.Default-msi\Desktop\IMG_1687.JPG
[2012.05.09 22:26:37 | 002,277,181 | ---- | M] () -- C:\Users\Default.Default-msi\Desktop\IMG_1686.JPG
[2012.05.09 22:26:29 | 002,110,998 | ---- | M] () -- C:\Users\Default.Default-msi\Desktop\IMG_1685.JPG
[2012.05.08 11:44:17 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 11:44:17 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2012.05.10 16:10:01 | 000,065,707 | ---- | C] () -- C:\Users\Default.Default-msi\Desktop\Easynotebooks-Rechnung.zip
[2012.05.10 15:53:22 | 002,365,423 | ---- | C] () -- C:\Users\Default.Default-msi\Desktop\IMG_1687.JPG
[2012.05.10 15:53:18 | 002,277,181 | ---- | C] () -- C:\Users\Default.Default-msi\Desktop\IMG_1686.JPG
[2012.05.10 15:52:34 | 002,110,998 | ---- | C] () -- C:\Users\Default.Default-msi\Desktop\IMG_1685.JPG
[2011.08.23 18:45:47 | 000,000,436 | ---- | C] () -- C:\Program Files\none184547,61.bat
[2011.03.03 17:52:12 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.02.14 10:50:38 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.02.14 10:50:38 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.02.12 16:44:50 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:49EB0FDC
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8AA99C0C
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:AF9538BC
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:4CB79ABF
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:BB709C37
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3064D21D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:014BC3B4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E9900C74
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:3780BCC3
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:FA8B212D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:CDA9D806
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A81A05E3
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:9ECAC3E8
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0F4A7B6A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:8EB63C9D
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:07C99568
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:073139EC
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:64A7B9DE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:77846FFE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0651F96C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:ECC979BD
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:91A1C0FC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E6B1AD87
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:71112705
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E9039033
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7079A696
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D576A536
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:689AB7E9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:10D45FC3
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:EF2D54F9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E8F2A400
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E4EE99EF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1B3549F2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:883EDFB5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:56C66609
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:00811B66
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FC60E0F8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:122B409D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:397D67BA
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:59846E5E

< End of report >




Extras:OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 18.05.2012 20:35:11 - Run 1
OTL by OldTimer - Version 3.2.43.0    Folder = C:\Users\Default.Default-msi\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,74% Memory free
3,98 Gb Paging File | 3,53 Gb Available in Paging File | 88,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,37 Gb Total Space | 48,91 Gb Free Space | 58,66% Space Free | Partition Type: NTFS
Drive D: | 55,58 Gb Total Space | 24,96 Gb Free Space | 44,90% Space Free | Partition Type: NTFS
Drive W: | 10,00 Gb Total Space | 3,36 Gb Free Space | 33,58% Space Free | Partition Type: NTFS
 
Computer Name: DEFAULT-MSI | User Name: Default | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06895DE2-F552-4754-9A40-F6AB8A1C8AAD}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{2AE82B15-3D93-4CF2-9BD8-35A027E406A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5747A923-29C5-4594-9FF1-29ECEB03F946}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{64F722D3-4A9A-4040-96BD-FF32ECFC8061}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{9C926857-45A3-4846-889B-7216D1FC2774}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9F0F0929-3E7A-4705-AAB6-AED4CEAEF277}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A758003E-404E-4437-8EB5-A716D8CE98B7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{ADBAAF79-8954-432E-BF2A-EBBBDA4CE3F4}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{B62F0956-04C0-4B79-ADC6-5D3E04943DDD}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{C2127174-AEF4-4517-BACF-D8500237DD45}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{C3BDEDE5-D435-4D78-9E9E-C8D4A7769086}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CCC1FF19-B7C0-4D7E-87A3-8DF59CE9B116}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{D12746F2-0F80-4BF4-B2A7-9FEFEAFCE280}" = protocol=17 | dir=in | app=c:\users\default.default-msi\appdata\roaming\dropbox\bin\dropbox.exe |
"{FBAD088D-8C84-4A87-AA51-857AF9462B37}" = protocol=6 | dir=in | app=c:\users\default.default-msi\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{102A41FF-E0A9-46E5-8E81-5CE90A25DFA1}C:\users\default.default-msi\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\default.default-msi\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{4D609932-45E1-4523-AFE2-FF1D1CDEFBC4}C:\users\default.default-msi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\default.default-msi\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{7B503D67-4661-47D2-8E92-BF65228234B9}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{9AC9FD60-3D02-4FAD-A62B-6722A90D2A3A}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{F2EEFBED-BB1E-485D-8DFF-E7F5FF3D911E}C:\users\default.default-msi\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\default.default-msi\appdata\roaming\spotify\spotify.exe |
"UDP Query User{2FCF69D7-6F0E-423C-AF69-02EE3C718C9C}C:\users\default.default-msi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\default.default-msi\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{55EBCD74-E9DE-4E1B-ABB9-239596EE3545}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{856E51A1-92BC-44E8-A701-90E194D63CC4}C:\users\default.default-msi\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\default.default-msi\appdata\roaming\spotify\spotify.exe |
"UDP Query User{901BBAC5-9659-4D9C-BCAD-69CA61F2B522}C:\users\default.default-msi\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\default.default-msi\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{EB2DAFA9-74A6-4310-89CD-1F4F9D1905FF}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = msi Software Install
"{0A960933-4D39-4495-A3F5-E5149943D761}" = EasyFace Logon
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24762012-C6C8-4AAD-A02D-71A009FA1683}" = Adobe Flash Player 10 ActiveX
"{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C5D7039E-0803-4FE8-976D-156DE1147E4F}" = ArcSoft Print Creations
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{D2FBF608-0AC0-E309-A5EB-9DCD5947A072}" = KIDOZ
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"A Series of Unfortunate Events" = A Series of Unfortunate Events
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"DivX Setup" = DivX-Setup
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"Magic Set Editor 2_is1" = Magic Set Editor 2.0.0
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"RealPlayer 15.0" = RealPlayer
"Spooky Mall" = Spooky Mall
"Trillian" = Trillian
"VLC media player" = VLC media player 1.1.6
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.04.2012 13:42:09 | Computer Name = Default-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2684
 
Error - 06.04.2012 13:42:10 | Computer Name = Default-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.04.2012 13:42:10 | Computer Name = Default-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3682
 
Error - 06.04.2012 13:42:10 | Computer Name = Default-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3682
 
Error - 06.04.2012 13:42:11 | Computer Name = Default-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.04.2012 13:42:11 | Computer Name = Default-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4712
 
Error - 06.04.2012 13:42:11 | Computer Name = Default-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4712
 
Error - 06.04.2012 13:42:12 | Computer Name = Default-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.04.2012 13:42:12 | Computer Name = Default-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5788
 
Error - 06.04.2012 13:42:12 | Computer Name = Default-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5788
 
[ OSession Events ]
Error - 19.07.2011 11:00:57 | Computer Name = Default-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5001, Microsoft Office Version: 12.0.4518.1014. This session lasted 18
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.01.2012 12:51:42 | Computer Name = Default-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5001, Microsoft Office Version: 12.0.4518.1014. This session lasted 100945
 seconds with 360 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.03.2012 08:54:58 | Computer Name = Default-msi | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:45:15 on ?08.?03.?2012 was unexpected.
 
Error - 16.03.2012 13:25:46 | Computer Name = Default-msi | Source = EventLog | ID = 6008
Description = The previous system shutdown at 14:04:06 on ?13.?03.?2012 was unexpected.
 
Error - 19.03.2012 04:05:28 | Computer Name = Default-msi | Source = Microsoft-Windows-Kernel-Power | ID = 86
Description = The system was shut down due to a critical thermal event.         
    Shutdown Time = 2012-03-19T08:05:28.947597600Z                ACPI Thermal Zone =
 ACPI\ThermalZone\THRM                _CRT = 373K
 
Error - 19.03.2012 04:38:33 | Computer Name = Default-msi | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:05:18 on ?19.?03.?2012 was unexpected.
 
Error - 28.03.2012 02:57:14 | Computer Name = Default-msi | Source = EventLog | ID = 6008
Description = The previous system shutdown at 16:43:56 on ?27.?03.?2012 was unexpected.
 
Error - 01.04.2012 07:05:20 | Computer Name = Default-msi | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 01.04.2012 15:34:52 | Computer Name = Default-msi | Source = EventLog | ID = 6008
Description = The previous system shutdown at 14:11:37 on ?01.?04.?2012 was unexpected.
 
Error - 03.04.2012 10:15:09 | Computer Name = Default-msi | Source = DCOM | ID = 10010
Description =
 
Error - 16.04.2012 03:30:52 | Computer Name = Default-msi | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:34:01 on ?11.?04.?2012 was unexpected.
 
Error - 18.04.2012 07:30:14 | Computer Name = Default-msi | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
--- --- ---

Chris4You 19.05.2012 16:02
Hi,
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:
:OTL
IE - HKCU\..\URLSearchHook: - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [18369B06] C:\Users\Default.Default-msi\AppData\Roaming\Ljqfng\7AAB6A7318369B06B85B.exe (cola coca cia)
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:49EB0FDC
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8AA99C0C
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:AF9538BC
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:4CB79ABF
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:BB709C37
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3064D21D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:014BC3B4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E9900C74
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:3780BCC3
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:FA8B212D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:CDA9D806
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A81A05E3
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:9ECAC3E8
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0F4A7B6A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:8EB63C9D
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:07C99568
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:073139EC
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:64A7B9DE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:77846FFE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0651F96C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:ECC979BD
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:91A1C0FC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E6B1AD87
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:71112705
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E9039033
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7079A696
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP576A536
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:689AB7E9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:10D45FC3
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:EF2D54F9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E8F2A400
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E4EE99EF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1B3549F2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:883EDFB5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:56C66609
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:00811B66
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FC60E0F8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:122B409D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:397D67BA
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:59846E5E

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

chris

Nadesha 19.05.2012 18:52
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Ich hoffe das ist jetzt das richtige



Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.05.19.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Default :: DEFAULT-MSI [administrator]

Protection: Enabled

19.05.2012 18:05:47
mbam-log-2012-05-19 (19-51-09).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 295390
Time elapsed: 1 hour(s), 37 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\_OTL\MovedFiles\05192012_174041\C_Users\Default.Default-msi\AppData\Roaming\Ljqfng\7AAB6A7318369B06B85B.exe (Trojan.Agent.SZ) -> No action taken.

(end)

Chris4You 19.05.2012 21:29
Hi,

lass MAM das Teil löschen...
Was macht der Rechner, läuft er wieder normal?

chris

Nadesha 19.05.2012 21:35
Ja, läuft wieder ganz normal.

Herzlichen dank für die Hilfe!!!


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:44 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131