Trojaner-Board (https://www.trojaner-board.de/)
Forum: Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: BKA UCASH Sperre (https://www.trojaner-board.de/98399-bka-ucash-sperre.html)

Redshape 28.04.2011 15:05

BKA UCASH Sperre
 
Hi,
I got hit too. Here's the OTL:

Code:

OTL logfile created on: 4/28/2011 4:49:39 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows 7 Professional (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 148.95 Gb Total Space | 75.34 Gb Free Space | 50.58% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/03/18 20:11:44 | 000,057,640 | ---- | M] () [On_Demand] -- D:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011/03/18 20:09:44 | 000,285,232 | ---- | M] () [Auto] -- D:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2011/03/18 19:59:18 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto] -- D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011/03/18 19:59:18 | 000,326,704 | ---- | M] () [Auto] -- D:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/03/28 10:47:30 | 000,246,520 | ---- | M] () [Auto] -- D:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/07/21 08:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/13 10:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/09/22 15:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/09/22 15:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/02/24 19:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009/12/25 09:57:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2009/05/11 04:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 04:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\mauzi_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\mauzi_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\mauzi_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\mauzi_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 B3 81 89 A0 84 CA 01 [binary data]
IE - HKU\mauzi_ON_D\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\mauzi_ON_D\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\mauzi_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/19 16:27:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 13:22:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/19 16:27:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 13:22:47 | 000,000,000 | ---D | M]
 
[2009/12/24 10:01:47 | 000,000,000 | ---D | M] (No name found) -- D:\Users\mauzi\AppData\Roaming\Mozilla\Extensions
[2011/04/23 07:38:02 | 000,000,000 | ---D | M] (No name found) -- D:\Users\mauzi\AppData\Roaming\Mozilla\Firefox\Profiles\5c3g0eup.default\extensions
[2010/06/24 15:11:02 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- D:\Users\mauzi\AppData\Roaming\Mozilla\Firefox\Profiles\5c3g0eup.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/09/30 15:51:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- D:\Users\mauzi\AppData\Roaming\Mozilla\Firefox\Profiles\5c3g0eup.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/01/17 09:22:29 | 000,000,000 | ---D | M] (No name found) -- D:\Users\mauzi\AppData\Roaming\Mozilla\Firefox\Profiles\5c3g0eup.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/01/17 09:22:28 | 000,000,000 | ---D | M] (No name found) -- D:\Users\mauzi\AppData\Roaming\Mozilla\Firefox\Profiles\5c3g0eup.default\extensions\engine@conduit.com
[2011/04/23 07:24:48 | 000,000,961 | ---- | M] () -- D:\Users\mauzi\AppData\Roaming\Mozilla\Firefox\Profiles\5c3g0eup.default\searchplugins\icqplugin-1.xml
[2010/11/12 20:31:14 | 000,000,961 | ---- | M] () -- D:\Users\mauzi\AppData\Roaming\Mozilla\Firefox\Profiles\5c3g0eup.default\searchplugins\icqplugin-2.xml
[2010/12/13 12:45:51 | 000,000,961 | ---- | M] () -- D:\Users\mauzi\AppData\Roaming\Mozilla\Firefox\Profiles\5c3g0eup.default\searchplugins\icqplugin-3.xml
[2011/03/02 18:22:19 | 000,000,961 | ---- | M] () -- D:\Users\mauzi\AppData\Roaming\Mozilla\Firefox\Profiles\5c3g0eup.default\searchplugins\icqplugin-4.xml
[2011/03/23 13:23:32 | 000,000,961 | ---- | M] () -- D:\Users\mauzi\AppData\Roaming\Mozilla\Firefox\Profiles\5c3g0eup.default\searchplugins\icqplugin-5.xml
[2010/06/24 15:11:02 | 000,000,168 | ---- | M] () -- D:\Users\mauzi\AppData\Roaming\Mozilla\Firefox\Profiles\5c3g0eup.default\searchplugins\icqplugin.gif
[2010/06/24 15:11:02 | 000,000,618 | ---- | M] () -- D:\Users\mauzi\AppData\Roaming\Mozilla\Firefox\Profiles\5c3g0eup.default\searchplugins\icqplugin.src
[2010/07/18 18:18:22 | 000,001,069 | ---- | M] () -- D:\Users\mauzi\AppData\Roaming\Mozilla\Firefox\Profiles\5c3g0eup.default\searchplugins\icqplugin.xml
[2011/04/23 07:38:02 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2010/06/10 11:50:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- D:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- C:\USERS\MAUZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5C3G0EUP.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\MAUZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5C3G0EUP.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2010/11/12 20:30:54 | 000,001,392 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/11/12 20:30:54 | 000,002,344 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/11/12 20:30:54 | 000,006,805 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/11/12 20:30:54 | 000,001,178 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/11/12 20:30:54 | 000,000,801 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\mauzi_ON_D..\Run: [osidfjklsdw.exe] File not found
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\mauzi_ON_D..\RunOnce: [FlashPlayerUpdate] D:\Windows\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: D:\Users\mauzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O4 - Startup: D:\Users\mauzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - D:\Users\mauzi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\mauzi_ON_D Winlogon: Shell - (C:\Users\mauzi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHXDX8RW\readme[1].exe) - D:\Users\mauzi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHXDX8RW\readme[1].exe (UKMWHHTXSXVZLCAKW)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7cea6dc0-7849-11df-acc3-0021866d81fd}\Shell - "" = AutoRun
O33 - MountPoints2\{7cea6dc0-7849-11df-acc3-0021866d81fd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{d3323608-67de-11df-9e7e-0021866d81fd}\Shell - "" = AutoRun
O33 - MountPoints2\{d3323608-67de-11df-9e7e-0021866d81fd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/28 09:49:17 | 000,000,000 | ---D | C] -- D:\Kaspersky Rescue Disk 10.0
[2011/04/15 05:08:56 | 000,000,000 | ---D | C] -- D:\Users\mauzi\Desktop\Allgemeine Unterlagen Katrin
[2011/04/15 04:58:51 | 000,000,000 | ---D | C] -- D:\Users\mauzi\Desktop\Modul 1.8 Gerontoligie
[2011/04/14 18:39:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2011/04/14 18:39:59 | 000,428,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2011/04/14 18:39:56 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\System32\atmfd.dll
[2011/04/14 18:39:56 | 000,034,304 | ---- | C] (Adobe Systems) -- D:\Windows\System32\atmlib.dll
[2011/04/14 18:39:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dnscacheugc.exe
[2011/04/14 18:39:47 | 000,606,208 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mstime.dll
[2011/04/14 18:39:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2011/04/14 18:39:47 | 000,386,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2011/04/14 18:39:47 | 000,381,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iedkcs32.dll
[2011/04/14 18:39:47 | 000,185,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2011/04/14 18:39:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2011/04/14 18:39:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeedsbs.dll
[2011/04/14 18:39:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2011/04/14 18:39:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2011/04/14 18:39:47 | 000,012,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe
[2011/04/14 18:39:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
[2011/04/14 18:39:15 | 002,331,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32k.sys
[2011/04/14 18:39:08 | 000,191,488 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\FXSCOVER.exe
[2011/04/14 18:39:05 | 000,288,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XpsGdiConverter.dll
[2011/04/14 18:38:59 | 001,164,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc42u.dll
[2011/04/14 18:38:59 | 001,137,664 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfc42.dll
[2011/04/01 03:42:48 | 000,000,000 | ---D | C] -- D:\Program Files\SecureW2
[2011/04/01 03:42:47 | 000,000,000 | ---D | C] -- D:\Users\mauzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
[2011/04/01 03:42:47 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureW2
[2011/04/01 03:42:35 | 000,000,000 | ---D | C] -- D:\Users\mauzi\AppData\Local\TempDIR
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/28 09:31:40 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2011/04/28 09:30:25 | 000,001,094 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/28 09:22:14 | 000,013,440 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/28 09:22:14 | 000,013,440 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/28 09:19:07 | 000,618,912 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2011/04/28 09:19:07 | 000,107,232 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2011/04/28 09:15:03 | 000,001,090 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/28 09:14:44 | 1603,772,416 | -HS- | M] () -- D:\hiberfil.sys
[2011/04/24 05:29:30 | 000,107,466 | ---- | M] () -- D:\Users\mauzi\Desktop\zoobesuch.jpg
[2011/04/19 11:46:19 | 000,402,385 | ---- | M] () -- D:\Users\mauzi\Desktop\Wissensmangement Handout_13.04.11.pdf
[2011/04/19 11:41:20 | 000,622,249 | ---- | M] () -- D:\Users\mauzi\Desktop\Modulplan_Gerontologie_2011.pdf
[2011/04/19 11:40:30 | 000,278,140 | ---- | M] () -- D:\Users\mauzi\Desktop\Frailty_Gerontologie.pdf
[2011/04/19 11:40:00 | 000,168,589 | ---- | M] () -- D:\Users\mauzi\Desktop\Fries_Gerontologie.pdf
[2011/04/18 04:45:59 | 000,031,061 | ---- | M] () -- D:\Users\mauzi\Desktop\Assessmentinstrument in der Gerontologie.pdf
[2011/04/18 04:45:02 | 000,580,341 | ---- | M] () -- D:\Users\mauzi\Desktop\Methodik_DEMENZ.pdf
[2011/04/15 03:02:44 | 000,412,744 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2011/04/08 04:44:43 | 003,510,400 | ---- | M] () -- D:\Users\mauzi\Documents\Alle wissen alles - keiner weiß Bescheid.mp3
[2011/04/08 04:41:32 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/04/08 04:41:18 | 000,001,360 | ---- | M] () -- D:\Users\mauzi\Desktop\Free YouTube to MP3 Converter.lnk
[2011/04/07 17:27:57 | 000,000,000 | ---- | M] () -- D:\Windows\System32\cd.dat
[2011/04/07 17:27:44 | 167,120,344 | ---- | M] () -- D:\Windows\MEMORY.DMP
[2011/04/01 03:42:48 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureW2
[2011/03/31 06:15:23 | 000,002,290 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2011/04/24 05:29:28 | 000,107,466 | ---- | C] () -- D:\Users\mauzi\Desktop\zoobesuch.jpg
[2011/04/19 11:46:18 | 000,402,385 | ---- | C] () -- D:\Users\mauzi\Desktop\Wissensmangement Handout_13.04.11.pdf
[2011/04/19 11:41:19 | 000,622,249 | ---- | C] () -- D:\Users\mauzi\Desktop\Modulplan_Gerontologie_2011.pdf
[2011/04/19 11:40:30 | 000,278,140 | ---- | C] () -- D:\Users\mauzi\Desktop\Frailty_Gerontologie.pdf
[2011/04/19 11:40:00 | 000,168,589 | ---- | C] () -- D:\Users\mauzi\Desktop\Fries_Gerontologie.pdf
[2011/04/18 04:45:59 | 000,031,061 | ---- | C] () -- D:\Users\mauzi\Desktop\Assessmentinstrument in der Gerontologie.pdf
[2011/04/18 04:45:02 | 000,580,341 | ---- | C] () -- D:\Users\mauzi\Desktop\Methodik_DEMENZ.pdf
[2011/04/08 04:45:33 | 003,510,400 | ---- | C] () -- D:\Users\mauzi\Documents\Alle wissen alles - keiner weiß Bescheid.mp3
[2011/04/08 04:41:18 | 000,001,360 | ---- | C] () -- D:\Users\mauzi\Desktop\Free YouTube to MP3 Converter.lnk
[2011/04/07 17:27:57 | 000,000,000 | ---- | C] () -- D:\Windows\System32\cd.dat
[2011/01/11 15:59:07 | 000,028,672 | ---- | C] () -- D:\Windows\System32\NlsMexicons000f.dll
[2010/12/16 13:11:50 | 000,000,056 | -H-- | C] () -- D:\Windows\System32\ezsidmv.dat
[2010/08/15 16:58:20 | 000,140,288 | ---- | C] () -- D:\Windows\System32\igfxtvcx.dll
[2009/09/23 13:16:08 | 002,050,952 | ---- | C] () -- D:\Windows\System32\igkrng400.bin
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,412,744 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,618,912 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,107,232 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2010/06/24 15:11:07 | 000,000,000 | ---D | M] -- D:\ProgramData\ICQ
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/04/01 11:31:35 | 000,032,608 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

Please help. Many thanks in advance.
Regards

markusg 28.04.2011 15:21

On your second PC go to Start, Programs, Accessories, Notepad and paste this in:

Code:

:OTL
O20 - HKU\mauzi_ON_D Winlogon: Shell - (C:\Users\mauzi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHXDX8RW\readme[1].exe) - D:\Users\mauzi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHXDX8RW\readme[1].exe (UKMWHHTXSXVZLCAKW)
:Files
D:\Users\mauzi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHXDX8RW
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in my post on OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear; load the fix.txt from your stick.
If that doesn't work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If so, take the CD out of the drive; Windows should now start normally and open otl.txt,
please post the log.


Open Computer, open D: and then _OTL.
There, right-click on moved files
and choose add to moved files.rar or zip.
http://www.trojaner-board.de/54791-a...ner-board.html
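The helper reads the OTL log by eye and writes a fix for the entries that stand out: a per-user Winlogon Shell that points at an executable in the Internet Explorer cache instead of explorer.exe, an O4 Run value whose file no longer exists, and (as background) UAC switched off via EnableLUA = 0. The script below is an added example, not part of this thread and not part of OTL or OTLPE; it shows how those same three indicators can be picked out of OTL-formatted lines mechanically. The regular expressions are my own reading of the line format, and the sample input is a constructed handful of lines copied from the log posted above.

```python
import re
from dataclasses import dataclass

# Constructed sample: six lines in the format OTL writes, copied from the log
# above (three benign, three that a helper would act on).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\mauzi_ON_D..\Run: [osidfjklsdw.exe] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\mauzi_ON_D Winlogon: Shell - (C:\Users\mauzi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHXDX8RW\readme[1].exe) - D:\Users\mauzi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHXDX8RW\readme[1].exe (UKMWHHTXSXVZLCAKW)
""".strip().splitlines()

# Line shapes this example understands (my own regexes, derived from the log,
# not an official OTL grammar).
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
POLICY_RE = re.compile(r"^O6 - (?P<key>.+?): (?P<value>\w+) = (?P<data>\S+)$")
SHELL_RE = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<shell>.+?)\) - (?P<resolved>.*)$")

# Directories from which a logon shell should never be started.
CACHE_DIRS = ("temporary internet files", r"\appdata\local\temp", r"\windows\temp")


@dataclass
class Finding:
    severity: str   # "high" | "medium" | "low"
    item: str       # which OTL entry was flagged
    reason: str     # why it was flagged


def analyse(lines):
    """Return the suspicious entries found in an iterable of OTL log lines."""
    findings = []
    for line in lines:
        line = line.rstrip()
        if m := RUN_RE.match(line):
            # An autostart value whose file is gone is typical loader residue.
            if m["target"].strip() == "File not found":
                findings.append(Finding(
                    "medium", f"O4 {m['hive']} Run [{m['name']}]",
                    "autostart value whose target no longer exists (orphaned loader entry)"))
        elif m := POLICY_RE.match(line):
            # EnableLUA = 0 means UAC is off: no elevation prompt for admin users.
            if m["value"] == "EnableLUA" and m["data"] == "0":
                findings.append(Finding(
                    "low", "O6 EnableLUA = 0",
                    "UAC disabled: admin users get no elevation prompt"))
        elif m := SHELL_RE.match(line):
            # Winlogon Shell must resolve to explorer.exe; anything else replaces
            # the desktop at logon (the lock-screen behaviour described in the thread).
            shell = m["shell"]
            base = shell.rsplit("\\", 1)[-1].lower()
            if base != "explorer.exe":
                in_cache = any(d in shell.lower() for d in CACHE_DIRS)
                findings.append(Finding(
                    "high", f"O20 {m['hive']} Winlogon Shell",
                    f"logon shell replaced by {base}"
                    + (" running from a browser/temp cache directory" if in_cache else "")))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.item}: {f.reason}")
```

Run against the sample, the script reports the orphaned `osidfjklsdw.exe` Run value, the disabled UAC, and the HKU Winlogon Shell pointing at `readme[1].exe` in the IE cache; the legitimate HKLM Shell and the avgnt Run entry produce nothing. Feeding it a whole OTL.txt works the same way since unrecognised lines are simply skipped.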

Redshape 28.04.2011 16:34

Hi,
many thanks for the quick help.
Everything worked so far
and I've uploaded the 'MovedFiles'.

Regards

markusg 28.04.2011 16:41

OK, that worked.
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Redshape 28.04.2011 18:09

Here is the ComboFix log:

Combofix Logfile:
Code:

ComboFix 11-04-27.04 - mauzi 28.04.2011  20:47:52.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1033.18.2039.1331 [GMT 2:00]
ausgeführt von:: E:\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\osidfjklsdw
c:\osidfjklsdw\config.bin
c:\osidfjklsdw\osidfjklsdw.exe
c:\program files\Hotspot Shield\HssIE\HsSIe.dll
c:\users\mauzi\AppData\Local\TempDIR
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-28 bis 2011-04-28  ))))))))))))))))))))))))))))))
.
.
2011-04-28 21:44 . 2011-03-06 22:12        2234368        ----a-r-        C:\OTLPE.exe
2011-04-28 21:44 . 2011-04-28 21:44        --------        d-----w-        C:\_OTL
2011-04-28 18:38 . 2011-04-28 18:38        --------        d-----w-        c:\program files\Common Files\Adobe
2011-04-28 18:09 . 2011-04-28 18:09        --------        d-----w-        c:\windows\system32\SPReview
2011-04-28 18:08 . 2011-04-28 18:08        --------        d-----w-        c:\windows\system32\EventProviders
2011-04-28 18:04 . 2010-11-20 12:21        626176        ----a-w-        c:\windows\system32\usp10.dll
2011-04-28 18:03 . 2010-11-20 12:21        31744        ----a-w-        c:\windows\system32\wdiasqmmodule.dll
2011-04-28 18:02 . 2010-11-20 12:18        323072        ----a-w-        c:\windows\system32\drvstore.dll
2011-04-28 18:02 . 2010-11-20 12:18        257024        ----a-w-        c:\windows\system32\dpx.dll
2011-04-28 13:49 . 2011-04-28 15:14        --------        d---a-w-        C:\Kaspersky Rescue Disk 10.0
2011-04-22 09:14 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{68AE4DA1-AB2D-40F8-998A-0C26E184A46C}\mpengine.dll
2011-04-14 22:40 . 2011-02-23 04:48        311808        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-04-14 22:40 . 2011-02-23 04:48        310272        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-04-14 22:40 . 2011-02-23 04:47        114176        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-04-14 22:39 . 2011-02-19 06:30        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-04-14 22:39 . 2011-02-19 04:34        294912        ----a-w-        c:\windows\system32\atmfd.dll
2011-04-14 22:39 . 2011-03-03 05:38        132608        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-04-14 22:39 . 2011-03-03 05:36        28672        ----a-w-        c:\windows\system32\dnscacheugc.exe
2011-04-14 22:39 . 2011-03-03 03:42        2333184        ----a-w-        c:\windows\system32\win32k.sys
2011-04-14 22:39 . 2011-02-12 05:35        191488        ----a-w-        c:\windows\system32\FXSCOVER.exe
2011-04-14 22:39 . 2010-11-20 12:17        802304        ----a-w-        c:\windows\system32\WFS.exe
2011-04-14 22:39 . 2011-02-24 05:38        288256        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-04-14 22:39 . 2011-03-08 05:28        741376        ----a-w-        c:\windows\system32\inetcomm.dll
2011-04-14 22:38 . 2011-03-11 05:33        1164288        ----a-w-        c:\windows\system32\mfc42u.dll
2011-04-14 22:38 . 2011-03-11 05:33        1137664        ----a-w-        c:\windows\system32\mfc42.dll
2011-04-14 22:38 . 2011-02-23 04:47        223232        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 22:38 . 2011-02-23 04:47        96768        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 22:38 . 2011-02-23 04:47        123904        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 22:38 . 2011-02-23 04:47        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys
2011-04-14 01:39 . 2011-04-14 01:39        103864        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-01 07:42 . 2011-04-01 07:42        --------        d-----w-        c:\program files\SecureW2
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-28 18:16 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2011-02-19 06:30 . 2011-03-09 13:19        805376        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-09 13:19        1076736        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-09 13:19        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-03 05:54 . 2011-02-09 13:06        219008        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 16:11 . 2009-12-24 14:02        222080        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\mauzi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\mauzi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\mauzi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\mauzi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
c:\users\mauzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\mauzi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-1-27 23361424]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2011-03-18 326704]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
Contents of the "Scheduled Tasks" folder
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 15:50]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: Free YouTube to Mp3 Converter - c:\users\mauzi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {94B80344-1F86-401D-BE28-B3D41178F48A} = 10.43.8.1
FF - ProfilePath - c:\users\mauzi\AppData\Roaming\Mozilla\Firefox\Profiles\5c3g0eup.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Orphaned registry entries removed - - - -
.
HKCU-Run-osidfjklsdw.exe - c:\osidfjklsdw\osidfjklsdw.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded by Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3684)
c:\users\mauzi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Hotspot Shield\bin\openvpntray.exe
.
**************************************************************************
.
Completion time: 2011-04-28  21:03:32 - machine was rebooted
ComboFix-quarantined-files.txt  2011-04-28 19:03
.
Pre-Run: 102.641.651.712 bytes free
Post-Run: 102.235.230.208 bytes free
.
- - End Of File - - FD3D3FC460AEA5DFF390580E9EE934DC

--- --- ---
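Two things in the log above are what a helper checks first: the removed orphan `HKCU-Run-osidfjklsdw.exe` pointing at `c:\osidfjklsdw\osidfjklsdw.exe` (a random-named binary in a directory of the same name directly under the drive root, the usual footprint of a screen locker), and the `policies\system` block showing UAC fully switched off (`EnableLUA`=0, silent admin elevation, no secure desktop). As an added triage example, not code from this thread, from ComboFix or from Trojaner-Board, the Python script below parses the Run keys, the orphan line and the policy block of such a log and flags exactly those two conditions. The sample log is a constructed excerpt of the lines posted above; the trusted-directory list, the "same-name directory" rule and the consonant-run threshold for random-looking names are my own assumptions, not ComboFix logic.

```python
"""Triage a ComboFix log for a BKA/uCash-style locker.

Added example for this thread, not part of ComboFix or the forum's tooling.
The heuristics, the trusted-directory list and the sample excerpt are assumptions.
"""
import re

# Constructed excerpt of the ComboFix log posted above (abridged, lines verbatim).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
- - - - Orphaned registry entries removed - - - -
.
HKCU-Run-osidfjklsdw.exe - c:\osidfjklsdw\osidfjklsdw.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[')
ORPHAN_RE = re.compile(r"^(?P<hive>HK(?:CU|LM))-Run-(?P<name>\S+)\s+-\s+(?P<path>.+\S)")
POLICY_RE = re.compile(r'^"(?P<key>\w+)"=\s*(?P<val>\d+)')

# Top-level directories where legitimate autostart binaries normally live (assumption).
TRUSTED_ROOTS = {"program files", "program files (x86)", "windows", "users"}

# Policy values that, at 0, weaken or disable UAC.
UAC_WEAK = {
    "EnableLUA": "UAC switched off entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate silently without a prompt",
    "PromptOnSecureDesktop": "elevation prompts not shown on the secure desktop",
}


def parse_autostarts(log):
    """Return (source, name, path) for Run-key values and removed orphan Run entries."""
    entries, current_key = [], ""
    for line in log.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key").lower()
            continue
        run = RUN_RE.match(line)
        if run and current_key.endswith("\\run"):
            entries.append((current_key, run.group("name"), run.group("path")))
            continue
        orphan = ORPHAN_RE.match(line)
        if orphan:
            source = "orphan:" + orphan.group("hive") + "-Run"
            entries.append((source, orphan.group("name"), orphan.group("path")))
    return entries


def longest_consonant_run(name):
    """Length of the longest run of consonants; randomly generated names score high."""
    run = best = 0
    for ch in name.lower():
        run = run + 1 if ch.isalpha() and ch not in "aeiou" else 0
        best = max(best, run)
    return best


def suspicious_reasons(path):
    """Heuristic reasons an autostart path looks like a dropped locker binary."""
    parts = path.lower().split("\\")
    dirs, filename = parts[1:-1], parts[-1]
    stem = filename.rsplit(".", 1)[0]
    reasons = []
    if not dirs or dirs[0] not in TRUSTED_ROOTS:
        reasons.append("outside Program Files, Windows or Users")
    if dirs and dirs[-1] == stem:
        reasons.append("binary sits in a directory of the same name")
    if longest_consonant_run(stem) >= 6:  # threshold is an assumption
        reasons.append("random-looking name")
    return reasons


def parse_uac_policy(log):
    """Return the policies\\system values as {name: int}."""
    values, in_policy = {}, False
    for line in log.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            in_policy = key.group("key").lower().endswith("\\policies\\system")
            continue
        pol = POLICY_RE.match(line)
        if pol and in_policy:
            values[pol.group("key")] = int(pol.group("val"))
    return values


def uac_findings(values):
    """List UAC settings that are at their weakest (0) value."""
    return [f"{name}=0: {why}" for name, why in UAC_WEAK.items() if values.get(name) == 0]


def triage(log):
    """Flag suspicious autostarts and weakened UAC in one pass over the log text."""
    flagged = []
    for source, name, path in parse_autostarts(log):
        reasons = suspicious_reasons(path)
        if reasons:
            flagged.append((source, name, path, reasons))
    return {"autostarts": flagged, "uac": uac_findings(parse_uac_policy(log))}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for source, name, path, reasons in result["autostarts"]:
        print(f"[{source}] {name} -> {path}: {', '.join(reasons)}")
    for finding in result["uac"]:
        print("UAC:", finding)
```

On the excerpt the script reports the orphan `osidfjklsdw.exe` with all three reasons and leaves Skype, Avira and the Intel graphics tray alone, and it lists the three UAC values that are at 0. Note that the locker's Run value had already been removed by ComboFix when this log was written (it appears only under the orphans section), which is why the script reads that section as well as the live Run keys.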

markusg 28.04.2011 19:00

Open Computer, C:, Qoobox, right-click the Quarantine folder, zip it and upload it the same way you uploaded the OTL log earlier.
Report back when done.

Redshape 28.04.2011 20:22

Done!

markusg 28.04.2011 20:32

That worked.
Do you use this machine for online banking, shopping or anything else important?

Redshape 28.04.2011 20:52

Online banking and shopping.

markusg 29.04.2011 10:53

OK.
1. Call the bank immediately; online banking must be blocked right away.
2. Once the machine is clean, all passwords must be changed.
3. With this kind of infection, the only way to get a clean machine is to back up your data, format and reinstall.
If you want, I'll explain what to do to properly secure the system in the future.


Copyright ©2000-2025, Trojaner-Board

