Trojaner-Board


pressel 24.08.2012 09:24

Police Virus Austria with Webcam
 
Dear all!
I have caught this police virus too. Austrian police logo, a demand to pay €100, and an activated webcam. In the meantime I deleted 4 files with AVIRA. The virus did not care. After that I did a System Restore, and now everything works again. But I am very unsure whether the virus is still lying dormant on my computer. To be safe, I have so far avoided all sites that require entering a password!
Please help - what can I do!?
Thanks in advance!
Regards

t'john 24.08.2012 14:38

:hallo:

Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any findings deleted or moved to quarantine.
- When the scan has finished, click "Show Results".

Step 2
System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your Desktop (if you do not already have it) - double-click OTL.exe

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

pressel 26.08.2012 13:38

Hello t'john!
Many thanks for your help!
The logs are attached!
Regards

t'john 27.08.2012 02:06

:hallo:

Fixing with OTL

Download OTL by Oldtimer (if you do not already have it) and save it to your Desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:

:OTL
PRC - C:\Windows\Temp\Password .exe (Freecom)
DRV - (klmouflt) -- system32\DRIVERS\klmouflt.sys File not found
DRV - (KLIF) -- system32\DRIVERS\klif.sys File not found
DRV - (kl2) -- system32\DRIVERS\kl2.sys File not found
DRV - (KL1) -- system32\DRIVERS\kl1.sys File not found
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {5E4CAA8F-1A78-47B6-A29D-6905957D8D7B}
IE - HKLM\..\SearchScopes\{5E4CAA8F-1A78-47B6-A29D-6905957D8D7B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {5E4CAA8F-1A78-47B6-A29D-6905957D8D7B}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [FreeFallProtection] C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{131efb7c-b149-11e1-b358-c0cb38c74bbc}\Shell - "" = AutoRun
O33 - MountPoints2\{131efb7c-b149-11e1-b358-c0cb38c74bbc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3eabdd5c-877c-11e0-abf7-c0cb38c74bbc}\Shell - "" = AutoRun
O33 - MountPoints2\{3eabdd5c-877c-11e0-abf7-c0cb38c74bbc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3eabdd86-877c-11e0-abf7-c0cb38c74bbc}\Shell - "" = AutoRun
O33 - MountPoints2\{3eabdd86-877c-11e0-abf7-c0cb38c74bbc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe

[2012.08.26 12:17:14 | 000,000,858 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Password .lnk
[2012.08.23 21:34:57 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:C3AE45C9

[2011.04.28 00:01:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
:Files


C:\Users\Klemens Figlhuber\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Klemens Figlhuber\AppData\Local\Temp\*.exe
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<date_number.log>

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!

pressel 27.08.2012 09:24

Here is the log:

Code:

All processes killed
========== OTL ==========
No active process named Password .exe was found!
Error: No service named klmouflt was found to stop!
Service\Driver key klmouflt not found.
File  system32\DRIVERS\klmouflt.sys File not found not found.
Error: No service named KLIF was found to stop!
Service\Driver key KLIF not found.
File  system32\DRIVERS\klif.sys File not found not found.
Error: No service named kl2 was found to stop!
Service\Driver key kl2 not found.
File  system32\DRIVERS\kl2.sys File not found not found.
Error: No service named KL1 was found to stop!
Service\Driver key KL1 not found.
File  system32\DRIVERS\kl1.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
C:\Programme\Vuze_Remote\prxtbVuze.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5E4CAA8F-1A78-47B6-A29D-6905957D8D7B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E4CAA8F-1A78-47B6-A29D-6905957D8D7B}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Programme\Vuze_Remote\prxtbVuze.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\ deleted successfully.
C:\Programme\Windows Live\Companion\companioncore.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Programme\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Programme\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FreeFallProtection deleted successfully.
C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0000036B-C524-4050-81A0-243669A86B9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000036B-C524-4050-81A0-243669A86B9F}\ not found.
File C:\Programme\Windows Live\Companion\companioncore.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmpx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}\ deleted successfully.
File {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{131efb7c-b149-11e1-b358-c0cb38c74bbc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{131efb7c-b149-11e1-b358-c0cb38c74bbc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{131efb7c-b149-11e1-b358-c0cb38c74bbc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{131efb7c-b149-11e1-b358-c0cb38c74bbc}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eabdd5c-877c-11e0-abf7-c0cb38c74bbc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3eabdd5c-877c-11e0-abf7-c0cb38c74bbc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eabdd5c-877c-11e0-abf7-c0cb38c74bbc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3eabdd5c-877c-11e0-abf7-c0cb38c74bbc}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eabdd86-877c-11e0-abf7-c0cb38c74bbc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3eabdd86-877c-11e0-abf7-c0cb38c74bbc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eabdd86-877c-11e0-abf7-c0cb38c74bbc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3eabdd86-877c-11e0-abf7-c0cb38c74bbc}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Password .lnk moved successfully.
C:\ProgramData\ism_0_llatsni.pad moved successfully.
ADS C:\ProgramData\Temp:C3AE45C9 deleted successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
========== FILES ==========
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\Local\Temp\DataCard_Setup.exe moved successfully.
C:\Users\Klemens Figlhuber\AppData\Local\Temp\GLFB2FE.tmp.ConduitEngineSetup.exe moved successfully.
C:\Users\Klemens Figlhuber\AppData\Local\Temp\GoogleUpdate.exe20c5e moved successfully.
C:\Users\Klemens Figlhuber\AppData\Local\Temp\i4jdel0.exe moved successfully.
C:\Users\Klemens Figlhuber\AppData\Local\Temp\IPx86_1031.exe moved successfully.
C:\Users\Klemens Figlhuber\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Klemens Figlhuber\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Klemens Figlhuber\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Klemens Figlhuber\AppData\Local\Temp\ResetDevice.exe moved successfully.
C:\Users\Klemens Figlhuber\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\Klemens Figlhuber\AppData\Local\Temp\~convert3035185525280637188.exe moved successfully.
C:\Users\Klemens Figlhuber\AppData\Local\Temp\~convert8972414766914716480.exe moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Klemens Figlhuber\Desktop\cmd.bat deleted successfully.
C:\Users\Klemens Figlhuber\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Klemens Figlhuber
->Temp folder emptied: 622698263 bytes
->Temporary Internet Files folder emptied: 2123534396 bytes
->Google Chrome cache emptied: 29436600 bytes
->Flash cache emptied: 1386 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 202849308 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.841,00 mb
 
 
OTL by OldTimer - Version 3.2.59.0 log created on 08272012_095928

Files\Folders moved on Reboot...
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\O8ZG56NP\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=1;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=8648430751095353[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\O8ZG56NP\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=1;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=8648430751095353[2].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\O8ZG56NP\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=1;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=8648430751095353[3].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\O8ZG56NP\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=2;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=8646856132949172[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\O8ZG56NP\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=2;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=8646856132949172[2].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\O8ZG56NP\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=3;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=6016257403938674[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\O8ZG56NP\op,Top1,Top3,Middle1,Middle2,Middle3,Middle4,Middle5,Middle6,Middle7,Middle9,Middle10,Right1,Right2,Right3,Position1,Position2,Position3,Position4,BottomLeft!Middle2[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\O8ZG56NP\Top,Top1,Top3,Middle1,Middle2,Middle3,Middle4,Middle5,Middle6,Middle7,Middle9,Middle10,Right1,Right2,Right3,Position1,Position2,Position3,Position4,BottomLeft!Right1[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\O8ZG56NP\Top,Top1,Top3,Middle1,Middle2,Middle3,Middle4,Middle5,Middle6,Middle7,Middle9,Middle10,Right1,Right2,Right3,Position1,Position2,Position3,Position4,BottomLeft!Right2[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GPAFVJDZ\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=1;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=8648430751095353[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GPAFVJDZ\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=1;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=8648430751095353[2].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GPAFVJDZ\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=2;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=8646856132949172[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GPAFVJDZ\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=3;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=6016257403938674[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GPAFVJDZ\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=3;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=6016257403938674[2].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\D3ETVGRY\14@Top,Top1,Top3,Middle1,Middle2,Middle3,Middle4,Middle5,Middle6,Middle7,Middle9,Middle10,Right1,Right2,Right3,Position1,Position2,Position3,Position4,BottomLeft!Top[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\D3ETVGRY\81a81,hardware,ax.20-idgt.hardware_l;;sec=article;fold=above;tile=;sz=160x600;net=idgt;ord1=744318;contx=hardware;an=20;dc=w;btg=idgt.hardware_l;ord=2840416987289785[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\D3ETVGRY\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=1;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=8648430751095353[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\D3ETVGRY\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=2;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=8646856132949172[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\D3ETVGRY\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=2;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=8646856132949172[2].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\D3ETVGRY\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=3;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=6016257403938674[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\D3ETVGRY\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=3;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=6016257403938674[2].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\D3ETVGRY\op,Top1,Top3,Middle1,Middle2,Middle3,Middle4,Middle5,Middle6,Middle7,Middle9,Middle10,Right1,Right2,Right3,Position1,Position2,Position3,Position4,BottomLeft!Middle3[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\5UE1GV9E\dT3dFIxafAIIGxkg3NzzsWJOa26PxAsSOAca3GXYpeQ1eus_DUVi7iObVt0J4XLUWZc69h0VQiALMSYfhenQMuX5_qNESPCOehkC5Mtl4ax03mVAiQ9uGAso4Q9mvklqRPwUX5GbUO7CxVXrsjCc3XW4_iW125TRLZpI[1].gif not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\5UE1GV9E\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=2;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=8646856132949172[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\5UE1GV9E\ec=4;ni_fash=4;ni_fina=4;na_news=2;nd_dcb=5;nd_dcd=2;nd_dcp=2;frq=3;co_bahn=0;nd_dcs=3;be_dreidtv=0;ct_ink=1;ct_inl=1;ct_po=1;ct_inc=1;ct_ron=1;;ord=6016257403938674[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\5UE1GV9E\op,Top1,Top3,Middle1,Middle2,Middle3,Middle4,Middle5,Middle6,Middle7,Middle9,Middle10,Right1,Right2,Right3,Position1,Position2,Position3,Position4,BottomLeft!Middle1[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\5UE1GV9E\op,Top1,Top3,Middle1,Middle2,Middle3,Middle4,Middle5,Middle6,Middle7,Middle9,Middle10,Right1,Right2,Right3,Position1,Position2,Position3,Position4,BottomLeft!Middle4[1].js not found!
File\Folder C:\Users\Klemens Figlhuber\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\5UE1GV9E\op,Top1,Top3,Middle1,Middle2,Middle3,Middle4,Middle5,Middle6,Middle7,Middle9,Middle10,Right1,Right2,Right3,Position1,Position2,Position3,Position4,BottomLeft!Middle5[1].js not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


t'john 27.08.2012 17:53

Very good! :daumenhoc

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Enable "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any findings deleted or moved to quarantine.
- When the scan has finished, click "Zeige Resultate" (show results).
after that:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

pressel 27.08.2012 23:24

Thank you very much! The computer is running well, nothing unusual!

Here are the logs:

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.27.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Klemens Figlhuber :: ZUKUNFTEINKAUF [Administrator]

Schutz: Aktiviert

27.08.2012 12:54:03
mbam-log-2012-08-27 (12-54-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 398955
Laufzeit: 1 Stunde(n), 11 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

and also:

Code:

# AdwCleaner v1.801 - Logfile created 08/28/2012 at 00:18:27
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Klemens Figlhuber - ZUKUNFTEINKAUF
# Boot Mode : Normal
# Running from : C:\Users\Klemens Figlhuber\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Klemens Figlhuber\AppData\Local\Conduit
Folder Found : C:\Users\Klemens Figlhuber\AppData\LocalLow\Conduit
Folder Found : C:\Users\Klemens Figlhuber\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Klemens Figlhuber\AppData\LocalLow\Vuze_Remote
Folder Found : C:\Users\Klemens Figlhuber\AppData\LocalLow\Vuze_Remote
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\Vuze_Remote
Folder Found : C:\Program Files\Vuze_Remote
Folder Found : C:\ProgramData\Premium

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Found : HKLM\SOFTWARE\Vuze_Remote

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FF0169F4-CBF5-4FD3-8122-01A22B532B50}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1E14FE4-A41A-47F3-B296-6A1144754A01}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{948DFAC7-CE33-4A94-BD6D-E1758F86B4DF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20D62103-B977-4DAE-83CE-A70E9FBF6580}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FF0169F4-CBF5-4FD3-8122-01A22B532B50}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Klemens Figlhuber\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2717 octets] - [28/08/2012 00:18:27]

########## EOF - C:\AdwCleaner[R1].txt - [2845 octets] ##########


t'john 28.08.2012 19:04

Very good! :daumenhoc

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

after that:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Jetzt Updaten" (update now).
Select the freeware mode.

Select "Detail Scan" and start the check of the computer with the Scan button.
At the end of the scan, do not let it delete anything! Click "Bericht speichern" (save report) to save the log file to the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html

pressel 29.08.2012 00:29

Hello!
Here are the logs:

Code:

# AdwCleaner v1.801 - Logfile created 08/29/2012 at 00:07:47
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Klemens Figlhuber - ZUKUNFTEINKAUF
# Boot Mode : Normal
# Running from : C:\Users\Klemens Figlhuber\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Klemens Figlhuber\AppData\Local\Conduit
Folder Deleted : C:\Users\Klemens Figlhuber\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Klemens Figlhuber\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Klemens Figlhuber\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Vuze_Remote
Folder Deleted : C:\ProgramData\Premium

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Vuze_Remote

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF0169F4-CBF5-4FD3-8122-01A22B532B50}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1E14FE4-A41A-47F3-B296-6A1144754A01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{948DFAC7-CE33-4A94-BD6D-E1758F86B4DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20D62103-B977-4DAE-83CE-A70E9FBF6580}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FF0169F4-CBF5-4FD3-8122-01A22B532B50}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Klemens Figlhuber\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2846 octets] - [28/08/2012 00:18:27]
AdwCleaner[S1].txt - [2673 octets] - [29/08/2012 00:07:47]

########## EOF - C:\AdwCleaner[S1].txt - [2801 octets] ##########


and also

Code:

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 29.08.2012 00:21:19

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:        29.08.2012 00:21:55

C:\_OTL\MovedFiles\08272012_095928\C_Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\72c6285c-619769fd -> hk3la\hk3lb.class        gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\08272012_095928\C_Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\72c6285c-619769fd -> hk3la\hk3la.class        gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\08272012_095928\C_Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\72c6285c-619769fd -> hk3la\hk3le.class        gefunden: Exploit.Java.Blacole!E2
C:\_OTL\MovedFiles\08272012_095928\C_Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\72c6285c-619769fd -> hk3la\hk3lc.class        gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\08272012_095928\C_Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\72c6285c-619769fd -> hk3la\hk3ld.class        gefunden: Exploit.Java.Blacole!E2
C:\Users\Klemens Figlhuber\AppData\Roaming\1023B\B5EF.023        gefunden: Backdoor.Win32.Cycbot!E2
C:\Program Files\WinRAR\Zip.SFX        gefunden: Trojan-Spy.Win32.Delf!E1

Gescannt        639805
Gefunden        7

Scan Ende:        29.08.2012 01:26:02
Scan Zeit:        1:04:07

C:\Program Files\WinRAR\Zip.SFX        Quarantäne Trojan-Spy.Win32.Delf!E1
C:\Users\Klemens Figlhuber\AppData\Roaming\1023B\B5EF.023        Quarantäne Backdoor.Win32.Cycbot!E2
C:\_OTL\MovedFiles\08272012_095928\C_Users\Klemens Figlhuber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\72c6285c-619769fd -> hk3la\hk3lc.class        Quarantäne Exploit.Java.CVE-2012!E2

Quarantäne        3

I have put the objects that were found into quarantine.

t'john 29.08.2012 01:51

Removing malware with Combofix

Download Combofix from one of the following download mirrors:

BleepingComputer.com - ForoSpyware.com

and save the program to the desktop, nowhere else; this is important!
Follow the detailed original guide.

Combofix currently runs on the following Windows versions:
  • Windows XP (32-bit only)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)

Preparation and important notes

  • While Combofix is scanning, please disable antivirus and anti-spyware programs, the firewall and any script blocking (Norton) that may be present.
  • List of the programs to disable.
    If anything is unclear, please ask.

  • ComboFix will reset your screen saver settings.
  • You can change these settings back once our cleanup is finished.
  • If you do not manage to get Combofix to run, do not do anything else.
  • Let us know and wait for our instructions.

  • Start Combofix.exe with a right-click => "Als Administrator ausführen" (run as administrator) and follow the instructions.
  • Do nothing else on the computer while Combofix is running!
  • Accept the terms (disclaimer) with "Ja" (yes).

  • If Combofix offers a newer version, allow the download.
  • Click "Ja" (yes) to continue with the malware scan.
  • A blue command prompt window appears; Combofix is being prepared for the scan.
  • Please do not click into this Combofix window.
  • That could cause your system to freeze or hang.
  • A backup of your registry is created.
  • The individual stages of the program are now worked through; this can take a while.

  • When ComboFix has finished, it will create a log (please wait, this takes a moment).
  • Be sure to wait until the Combofix window has closed and the log file appears in the editor.
  • Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.

  • Note: for various reasons Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
  • You can delete the IE desktop icon after the cleanup and set your preferred browser as the default browser again.

Do not use Combofix on your own initiative. If there is no corresponding infection, it can cripple the computer and/or cause lasting damage!

pressel 29.08.2012 08:43

Hello t'john!
Thanks again for your help. After running Combofix I was at first unable to open any file (the error message was roughly: a registry key was used for an operation that had been prepared for deletion.) This came up when opening programs (IE) and also with Excel files, etc.
I then restarted the computer once more, and after that everything worked again. I hope that is normal??
Here are the logs as well:

Code:

ComboFix 12-08-28.03 - Klemens Figlhuber 29.08.2012  9:10.1.4 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.43.1031.18.2999.1787 [GMT 2:00]
ausgeführt von:: c:\users\Klemens Figlhuber\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\users\KLEMEN~1\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
c:\users\Klemens Figlhuber\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\npf.sys
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
Infizierte Kopie von c:\windows\system32\drivers\ntfs.sys wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-28 bis 2012-08-29  ))))))))))))))))))))))))))))))
.
.
2012-08-28 22:14 . 2012-08-28 23:32        --------        d-----w-        c:\program files\Emsisoft Anti-Malware
2012-08-27 07:59 . 2012-08-27 07:59        --------        d-----w-        C:\_OTL
2012-08-26 09:31 . 2012-08-26 09:31        --------        d-----w-        c:\users\Klemens Figlhuber\AppData\Roaming\Malwarebytes
2012-08-26 09:31 . 2012-08-26 09:31        --------        d-----w-        c:\programdata\Malwarebytes
2012-08-26 09:31 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-26 09:31 . 2012-08-26 09:31        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-08-15 19:24 . 2012-05-05 07:46        400896        ----a-w-        c:\windows\system32\srcore.dll
2012-08-15 19:24 . 2012-07-18 17:47        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-08-15 19:24 . 2012-02-11 05:43        492032        ----a-w-        c:\windows\system32\win32spl.dll
2012-08-15 19:24 . 2012-02-11 05:37        317440        ----a-w-        c:\windows\system32\spoolsv.exe
2012-08-15 19:24 . 2012-07-04 21:14        41984        ----a-w-        c:\windows\system32\browcli.dll
2012-08-15 19:24 . 2012-07-04 21:14        102912        ----a-w-        c:\windows\system32\browser.dll
2012-08-15 19:24 . 2012-05-14 04:33        769024        ----a-w-        c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-23 07:15 . 2012-08-28 21:15        7022536        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2108D8CF-3C67-48A0-9C82-3F8A02EEDA82}\mpengine.dll
2012-08-14 18:19 . 2012-03-30 06:27        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-08-14 18:19 . 2011-05-19 16:02        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-06 06:49 . 2012-06-06 06:49        1070152        ----a-w-        c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05 . 2012-07-11 07:07        1390080        ----a-w-        c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 07:07        1236992        ----a-w-        c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 07:07        805376        ----a-w-        c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-22 06:25        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 06:25        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 06:25        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 06:25        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 06:25        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 06:25        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 06:25        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 06:25        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 06:25        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-11 07:07        67440        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 07:08        134000        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 07:08        369336        ----a-w-        c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 07:07        225280        ----a-w-        c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 07:08        219136        ----a-w-        c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2011-04-27 12:55        237072        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Klemens Figlhuber\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Klemens Figlhuber\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Klemens Figlhuber\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-05-11 934800]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-05-11 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-05-11 19856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-07 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-07 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-07 170520]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-12 5249024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-04-05 371864]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2012-07-30 3408288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
c:\users\Klemens Figlhuber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Klemens Figlhuber\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli DPPWDFLT
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:19]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 11:54]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 11:54]
.
2012-08-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
.
2012-08-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: austrotherm.at\gw
Trusted Zone: sih.co.at\owa
TCP: DhcpNameServer = 213.229.41.69 213.229.41.70
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.wu.ac.at/CACHE/stc/2/binaries/vpnweb.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\DPPWDFLT.DLL
.
- - - - - - - > 'Explorer.exe'(1348)
c:\users\Klemens Figlhuber\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-29  09:26:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-29 07:26
.
Vor Suchlauf: 12 Verzeichnis(se), 66.424.164.352 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 66.573.963.264 Bytes frei
.
- - End Of File - - 69A00F3E0ADBB320B3E1D923788C509B

and

Code:

A1 Dashboard
AccelerometerP11
Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin
Adobe Reader 9.1.2 - Deutsch
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bonjour
Cisco AnyConnect VPN Client
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (DV)
Citrix Receiver (HDX Flash-Umleitung)
Citrix Receiver (USB)
Citrix Receiver Inside
Citrix Receiver(Aero)
CyberLink PowerDVD 9.5
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager
Dell Edoc Viewer
Dell Support Center
Dell Touchpad
Dell Webcam Central
DigitalPersona Personal 4.01
DirectX 9 Runtime
Dropbox
DW WLAN Card Utility
Emsisoft Anti-Malware
FileZilla Client 3.5.0
Google Earth Plug-in
Google Update Helper
HappyFoto-Designer 4.4
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Malwarebytes Anti-Malware Version 1.62.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.1
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Online Plug-in
PhotoShowExpress
QuickSet32
QuickTime
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Self-Service Plug-in
Skype Toolbars
Skype™ 5.3
Sonic CinePlayer Decoder Pack
TuneUp Companion 2.2.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Validity Sensors DDK
VLC media player 1.1.9
Vuze
WIDCOMM Bluetooth Software
Winamp
Winamp Erkennungs-Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-Bit)


t'john 29.08.2012 20:04

Yes, that's normal!

ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable your antivirus program and firewall during the online scan.
  • Vista/Win7 users: Be sure to start the browser as administrator.
Let's go

  • Download and start the Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

pressel 29.08.2012 22:41

Here is the log file:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a5ea1f7c43ab694aa4ec8a0d0c5f84da
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-29 09:37:54
# local_time=2012-08-29 11:37:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 97901472 0 0
# compatibility_mode=8192 67108863 100 0 93 93 0 0
# scanned=223951
# found=0
# cleaned=0
# scan_time=5993
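
The `# key=value` log format posted above can be read programmatically for triage; this is an added example, not part of the original thread or of any ESET tooling. The sample log is constructed, and reading `found` minus `cleaned` as detections still present is an assumption based on the field names.

```python
from collections import defaultdict

# Constructed sample in the "# key=value" layout of the log posted above.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 93 93 0 0
# scanned=1000
# found=0
# cleaned=0
# scan_time=60
"""

def parse_eset_log(text):
    """Return {key: [values]}; keys such as compatibility_mode repeat."""
    fields = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("#") or "=" not in line:
            continue  # downloader banner and other free-text lines
        key, _, value = line[1:].partition("=")
        fields[key.strip()].append(value.strip().strip('"'))
    return dict(fields)

def summarize(fields):
    """Triage view: did the scan finish, what was found, which options were off."""
    def last(key, default=""):
        return fields.get(key, [default])[-1]
    def as_int(key):
        value = last(key, "0")
        return int(value) if value.isdigit() else 0
    found, cleaned = as_int("found"), as_int("cleaned")
    # Assumption: a *_checked field other than "true" means that scan option was off.
    off = sorted(k[:-len("_checked")] for k, v in fields.items()
                 if k.endswith("_checked") and v[-1].lower() != "true")
    return {"finished": last("end") == "finished", "scanned": as_int("scanned"),
            "found": found, "uncleaned": max(found - cleaned, 0), "options_off": off}

if __name__ == "__main__":
    print(summarize(parse_eset_log(SAMPLE_LOG)))
```

A clean result only covers the options that were switched on; in the sample, `options_off` shows that the scan did not look for potentially unsafe applications.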


t'john 29.08.2012 23:14

Update Java

Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
  • Please download the newest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the newest Java version ( Java 7 Update 6 ).
  • When the installation has finished
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open the Control Panel --> Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure that every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

After that, post (copy and paste) what is displayed to you here: PluginCheck

pressel 30.08.2012 11:08

Hello!
Here is what is displayed after the PluginCheck:

Internet Explorer 9.0 ist aktuell

Flash 11,3,300,271 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version!

Java (1,7,0,6) ist aktuell.

Adobe Reader 9,1,2,0 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 10,1,3

Regards


All times are WET +1. The time is now 22:05.

Copyright ©2000-2025, Trojaner-Board

