Pests of all kinds and how to fight them: first Virus.Win32.ZAccess.aml, then Virus.Win32.ZAccess.c
Hello everyone!

I have been fighting this malware for a few days now; maybe someone can help me...

I am using Vista 32-bit SP1.

Kaspersky reports Virus.Win32.ZAccess.aml! After a bit of googling I found the tool "TDSSKiller" on the Kaspersky support site... It does find 1-2 files every time, but after a reboot Kaspersky warns me all over again (so it did not help).

Since the first virus warning, some programs (iTunes, Outlook, ...) no longer start, or rather they start but then stop responding. On top of that I get a blue screen about once an hour, and safe mode no longer starts either (the same blue screen appears).

And now Kaspersky gives me the warning "Virus.Win32.ZAccess.c", same story...

At the very moment I got the first virus warning from Kaspersky, my Firefox closed by itself; I don't think that was a coincidence...

Maybe someone can help me.

Thx4Support
Zion418

Code:
OTL logfile created on: 23.02.2012 00:07:35 - Run 1
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\home\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 53,94% Memory free
6,23 Gb Paging File | 4,64 Gb Available in Paging File | 74,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,36 Gb Total Space | 6,21 Gb Free Space | 9,08% Space Free | Partition Type: NTFS
Drive D: | 164,51 Gb Total Space | 9,54 Gb Free Space | 5,80% Space Free | Partition Type: NTFS

Computer Name: ZENTRUM | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.23 00:00:40 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
PRC - [2012.02.22 23:15:42 | 000,183,808 | ---- | M] () -- C:\Windows\Temp\pyacmg\setup.exe
PRC - [2012.02.19 02:17:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.01.18 19:54:06 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.14 12:59:18 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer.exe
PRC - [2011.12.14 12:41:54 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\tv_w32.exe
PRC - [2011.11.11 18:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011.11.01 23:25:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.04.17 21:08:54 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2011.02.24 11:59:08 | 002,000,712 | ---- | M] (Comfort Software Group) -- C:\Programme\FreeCountdownTimer\FreeCountdownTimer.exe
PRC - [2011.01.07 14:55:40 | 001,797,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2010.04.03 11:56:08 | 042,884,448 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2010.04.03 11:56:08 | 000,097,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.03.23 09:57:48 | 015,889,248 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.08.19 13:41:26 | 003,618,104 | ---- | M] (brother) -- C:\Programme\Brownie\BrStsWnd.exe
PRC - [2008.10.17 15:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Programme\Brownie\brpjp04a.exe
PRC - [2008.06.18 10:23:54 | 000,615,424 | ---- | M] () -- C:\Programme\ASUS\AASP\1.00.65\aaCenter.exe
PRC - [2008.01.18 22:33:34 | 000,021,504 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe
PRC - [2008.01.18 22:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012.02.19 02:17:50 | 001,911,768 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.11.04 15:54:16 | 000,930,304 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ye27xncc.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.22 13:29:18 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011.04.17 21:07:38 | 000,024,576 | ---- | M] () -- C:\Windows\System32\AsIO.dll
MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.02.28 01:55:42 | 001,040,736 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010.01.30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008.06.18 10:23:54 | 000,615,424 | ---- | M] () -- C:\Programme\ASUS\AASP\1.00.65\aaCenter.exe
MOD - [2008.01.18 22:35:16 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008.01.18 22:35:16 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008.01.17 15:46:20 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\AASP\1.00.65\cpuutil.dll
MOD - [2006.05.25 16:18:08 | 000,106,548 | ---- | M] () -- C:\Programme\ASUS\AASP\1.00.65\PowNap.dll
MOD - [2005.06.22 16:39:56 | 000,204,851 | ---- | M] () -- C:\Programme\ASUS\AASP\1.00.65\PowerDll.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (msmpsvc)
SRV - File not found [Auto | Stopped] -- -- (d-link_st3402)
SRV - File not found [Auto | Stopped] -- -- (CTAudSvcService)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.03.25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008.01.18 22:33:34 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\rt2870.dll -- (netcfgsvr)
SRV - [2007.05.15 14:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

========== Driver Services (SafeList) ==========

DRV - [2012.02.22 21:46:22 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.02.21 11:25:52 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.04.17 21:07:38 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2011.04.17 21:07:38 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.04.17 20:53:19 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010.04.03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009.11.21 03:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008.04.21 11:39:16 | 001,397,760 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM106.sys -- (USBMULCD)
DRV - [2008.01.18 20:56:00 | 000,071,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2007.08.17 14:14:44 | 000,891,392 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007.05.15 14:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007.05.15 14:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007.05.15 14:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-8.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109794&babsrc=HP_ss&mntrId=8e877628000000000000001e8c652b00
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\home\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\home\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\home\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\home\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.02.21 20:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.02.21 20:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.02.21 20:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.12 14:25:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.19 02:17:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.02 01:54:18 | 000,000,000 | ---D | M]

[2011.04.17 21:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Extensions
[2012.02.22 02:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions
[2011.12.07 19:53:56 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.07.20 17:46:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.29 18:25:29 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions\formhistory@yahoo.com
[2012.02.22 02:47:22 | 000,000,000 | ---D | M] (SenSEO) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions\senseo@nicosteiner.de
[2011.11.20 23:30:29 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions\support@lastpass.com
[2011.11.10 02:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.19 08:09:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.04.17 22:19:53 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011.04.17 22:19:50 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\MEMORYRESTART@TEAMEXTENSION.COM.XPI
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.02.19 02:17:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.01 23:15:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 00:18:25 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.09.01 23:15:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.01 23:15:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.01 23:15:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.01 23:15:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.01 23:15:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&AF=109794&babsrc=SP_ss&mntrId=8e877628000000000000001e8c652b00
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Skype Click to Call = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
CHR - Extension: Anti-Banner = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [FreeCT] C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program 
Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27D7E3FC-5E67-423D-AC08-F747BA92D711}: DhcpNameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75389769-4D5D-441C-B3D6-DB5A198B1133}: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95229565-8240-45A6-BBA8-D5998918FA17}: DhcpNameServer = 212.186.211.21 195.34.133.21 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\38632_140520929315682_136086086425833_239623_188864_n.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\38632_140520929315682_136086086425833_239623_188864_n.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ecd6a453-6929-11e0-b748-e078a3db0d96}\Shell - "" = AutoRun O33 - MountPoints2\{ecd6a453-6929-11e0-b748-e078a3db0d96}\Shell\AutoRun\command - "" = F:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.23 00:00:39 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe [2012.02.23 00:00:14 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\otl4_htm [2012.02.22 23:59:45 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\otlv4_h [2012.02.22 21:16:10 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.02.22 21:16:10 | 
000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Malwarebytes [2012.02.22 21:15:56 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.22 21:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.22 21:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.22 21:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.21 02:44:19 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\SpeedyPC Software [2012.02.21 02:44:19 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\DriverCure [2012.02.21 02:44:14 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software [2012.02.21 02:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software [2012.02.21 02:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software [2012.02.21 02:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software [2012.02.21 00:57:19 | 000,000,000 | ---D | C] -- C:\Users\home\DoctorWeb [2012.02.20 14:13:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.02.20 14:12:47 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\home\Desktop\tdsskiller.exe [2012.02.19 18:30:40 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\dvdcss [2012.02.19 05:20:02 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Uxul [2012.02.19 05:20:02 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Tuip [2012.02.15 05:40:17 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Download Manager [2012.02.14 23:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012 [2012.02.14 23:16:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.02.09 02:40:34 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\Release [2012.02.08 00:19:20 | 
000,000,000 | ---D | C] -- C:\Program Files\JDownloader [2012.02.08 00:18:22 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Babylon [2012.02.08 00:18:17 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Babylon [2012.02.08 00:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.02.07 23:55:22 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\FileZilla [2012.02.07 23:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\CesarFTP [2012.02.07 22:03:06 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Xenocode [2012.02.06 23:21:12 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\AORDB_Release [2012.02.01 23:38:26 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\eno [2012.01.29 22:12:48 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.01.27 02:41:51 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\AOR_Release2 [2012.01.27 02:39:58 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\aor [2012.01.27 01:56:33 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Visual Studio 2005 [2012.01.27 01:50:30 | 000,047,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll [2012.01.27 01:50:14 | 000,073,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll [2012.01.27 01:49:37 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Integration Services Script Component [2012.01.27 01:49:12 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Integration Services Script Task [2012.01.27 01:48:51 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\SQL Server Management Studio [2012.01.27 01:48:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\RsFx [2012.01.27 01:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 [2012.01.27 01:43:09 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Visual Studio 2008 
[2012.01.27 01:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs [2012.01.27 01:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0 [2012.01.27 01:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2012.01.27 01:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2012.01.27 01:40:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033 [2012.01.27 01:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell V2 (CTP3) [2012.01.27 01:34:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2012.01.27 01:18:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2012.01.27 01:18:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2012.01.27 01:18:30 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2012.01.27 01:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2 [2012.01.27 01:02:16 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Microsoft_Corporation [2012.01.27 01:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2012.01.27 00:50:38 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll [2012.01.27 00:50:37 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll [2012.01.24 03:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.01.24 03:15:44 | 004,990,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVStWiz.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.23 00:09:28 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F0D22D8E-63DE-495C-A124-30EA9EDCC705}.job [2012.02.23 00:03:12 | 
000,000,164 | -HS- | M] () -- C:\Windows\KLIF.spi [2012.02.23 00:00:40 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe [2012.02.23 00:00:12 | 002,886,775 | ---- | M] () -- C:\Users\home\Desktop\otl4_htm.zip [2012.02.22 23:59:36 | 000,132,237 | ---- | M] () -- C:\Users\home\Desktop\otlv4_h.zip [2012.02.22 23:20:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1083056984-481911269-1076263038-1000UA.job [2012.02.22 23:16:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.22 23:15:57 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.02.22 23:15:57 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.02.22 23:15:49 | 000,000,321 | ---- | M] () -- C:\Windows\Brownie.ini [2012.02.22 23:15:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.22 23:15:42 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.22 23:15:42 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.22 23:15:41 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd [2012.02.22 23:15:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.22 23:15:36 | 3218,436,096 | -HS- | M] () -- C:\hiberfil.sys [2012.02.22 23:14:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.02.22 22:06:08 | 000,695,158 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.22 22:06:08 | 000,139,006 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.22 22:01:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.02.22 21:56:10 | 000,164,366 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.22 21:56:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\perfh007.dat 
[2012.02.22 21:46:29 | 403,230,807 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.02.22 21:46:22 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2012.02.22 21:15:56 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.22 18:20:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1083056984-481911269-1076263038-1000Core.job [2012.02.22 18:00:01 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job [2012.02.21 11:25:52 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2012.02.21 11:16:23 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job [2012.02.21 11:16:23 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job [2012.02.21 02:42:02 | 000,001,205 | ---- | M] () -- C:\Users\home\Desktop\FixNCR1.reg [2012.02.20 23:38:00 | 000,001,456 | ---- | M] () -- C:\Users\home\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.02.20 23:37:59 | 000,860,250 | ---- | M] () -- C:\Users\home\Desktop\Logo2011Burgenland.jpg [2012.02.20 14:12:49 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\home\Desktop\tdsskiller.exe [2012.02.19 18:37:50 | 000,040,448 | ---- | M] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.15 04:07:56 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.02.08 00:19:48 | 000,001,822 | ---- | M] () -- C:\Users\home\Desktop\JDownloader.lnk [2012.02.08 00:18:40 | 000,000,237 | ---- | M] () -- C:\user.js [2012.02.02 19:37:17 | 000,000,916 | ---- | M] () -- C:\Users\home\Desktop\Dropbox.lnk [2012.02.02 19:37:17 | 000,000,896 | ---- | M] () -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.02.01 18:20:05 | 003,727,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.01.27 01:01:24 | 000,026,742 | ---- | M] () -- C:\Users\home\Desktop\create_db_AOR.sql 
[2012.01.26 23:16:44 | 000,014,316 | ---- | M] () -- C:\Users\home\Desktop\ELBA-internet Turnover.pdf [2012.01.26 23:14:24 | 000,014,322 | ---- | M] () -- C:\Users\home\Desktop\WAHLARZT.pdf [2012.01.26 02:07:17 | 000,190,885 | ---- | M] () -- C:\Users\home\Desktop\hebr-500.pdf [2012.01.24 03:15:22 | 000,001,356 | ---- | M] () -- C:\Users\home\AppData\Local\d3d9caps.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.23 00:02:34 | 000,000,164 | -HS- | C] () -- C:\Windows\KLIF.spi [2012.02.23 00:00:03 | 002,886,775 | ---- | C] () -- C:\Users\home\Desktop\otl4_htm.zip [2012.02.22 23:59:34 | 000,132,237 | ---- | C] () -- C:\Users\home\Desktop\otlv4_h.zip [2012.02.22 21:15:56 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.21 02:44:28 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job [2012.02.21 02:44:13 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job [2012.02.21 02:44:12 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job [2012.02.21 02:42:01 | 000,001,205 | ---- | C] () -- C:\Users\home\Desktop\FixNCR1.reg [2012.02.20 23:37:57 | 000,860,250 | ---- | C] () -- C:\Users\home\Desktop\Logo2011Burgenland.jpg [2012.02.19 05:05:01 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd [2012.02.08 00:19:48 | 000,001,822 | ---- | C] () -- C:\Users\home\Desktop\JDownloader.lnk [2012.02.08 00:19:41 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.02.08 00:19:41 | 000,001,730 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.02.08 00:19:41 | 000,001,709 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.02.08 00:18:40 | 000,000,237 | ---- | C] () -- C:\user.js [2012.01.27 01:01:23 | 000,026,742 | ---- | C] () -- 
C:\Users\home\Desktop\create_db_AOR.sql [2012.01.26 23:16:44 | 000,014,316 | ---- | C] () -- C:\Users\home\Desktop\ELBA-internet Turnover.pdf [2012.01.26 23:14:24 | 000,014,322 | ---- | C] () -- C:\Users\home\Desktop\WAHLARZT.pdf [2012.01.26 02:07:17 | 000,190,885 | ---- | C] () -- C:\Users\home\Desktop\hebr-500.pdf [2012.01.24 03:17:39 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.001 [2012.01.24 03:17:31 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.dat [2012.01.24 03:17:05 | 3218,436,096 | -HS- | C] () -- C:\hiberfil.sys [2011.11.07 22:46:00 | 000,000,068 | ---- | C] () -- C:\Windows\WinInit.Ini [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.10.13 03:29:51 | 000,125,000 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.09.13 01:06:01 | 000,123,392 | ---- | C] () -- C:\Windows\System32\UnCasino5.exe [2011.06.16 17:38:18 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe [2011.04.30 19:25:36 | 000,000,600 | ---- | C] () -- C:\Users\home\AppData\Local\PUTTY.RND [2011.04.28 13:22:00 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.04.23 01:20:04 | 000,000,290 | ---- | C] () -- C:\Windows\lgfwup.ini [2011.04.21 21:15:18 | 000,139,264 | ---- | C] () -- C:\Windows\Vmix106.dll [2011.04.21 21:15:17 | 000,495,616 | ---- | C] () -- C:\Windows\System32\Cmeau106.exe [2011.04.21 21:15:17 | 000,000,272 | ---- | C] () -- C:\Windows\Cm106.ini.cfl [2011.04.21 21:14:28 | 000,241,664 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll [2011.04.21 21:14:28 | 000,004,599 | ---- | C] () -- C:\Windows\Cm106.ini.cfg [2011.04.21 21:14:28 | 000,003,067 | ---- | C] () -- C:\Windows\Cm106.ini.imi [2011.04.21 21:14:27 | 000,000,625 | ---- | C] () -- C:\Windows\cm106.ini [2011.04.21 21:14:27 | 000,000,553 | ---- | C] () -- C:\Windows\cm106.ini.bak.bak [2011.04.21 21:14:27 | 000,000,553 | ---- | C] () -- C:\Windows\cm106.ini.bak [2011.04.21 17:44:08 | 000,000,051 | ---- | C] () -- 
C:\Windows\FILEDG32.ini [2011.04.21 14:53:58 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011.04.21 14:53:57 | 000,031,265 | ---- | C] () -- C:\Windows\HL-5350DN.INI [2011.04.21 14:52:51 | 000,000,321 | ---- | C] () -- C:\Windows\Brownie.ini [2011.04.21 14:46:57 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.04.21 10:33:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.20 00:51:24 | 000,040,448 | ---- | C] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.18 20:51:44 | 000,001,456 | ---- | C] () -- C:\Users\home\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.04.18 03:39:54 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.04.18 03:39:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.04.18 01:31:01 | 000,071,680 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys [2011.04.17 22:14:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2011.04.17 21:08:11 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll [2011.04.17 21:08:11 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2011.04.17 21:08:02 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys [2011.04.17 21:08:02 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2011.04.17 21:07:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2011.04.17 20:59:45 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2011.04.17 20:59:45 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2011.04.17 20:39:59 | 000,001,356 | ---- | C] () -- C:\Users\home\AppData\Local\d3d9caps.dat [2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat ========== LOP Check ========== [2011.05.21 18:53:56 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\AUTOSICH [2012.02.08 00:18:17 | 
000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Babylon [2011.04.23 02:13:32 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\cbuenger [2012.01.29 22:12:48 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.04.18 01:17:52 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DAEMON Tools Lite [2012.02.21 02:44:19 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DriverCure [2012.02.22 23:16:53 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Dropbox [2011.08.10 00:23:59 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DVDVideoSoft [2011.08.10 00:14:30 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.07 23:56:47 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\FileZilla [2011.04.17 22:40:20 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\GHISLER [2011.05.19 03:10:38 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\IrfanView [2012.02.17 00:33:49 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\MySQL [2011.09.28 15:59:42 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Quite [2012.02.21 02:44:19 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\SpeedyPC Software [2011.04.18 21:36:06 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.01.10 02:57:06 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\TeamViewer [2012.02.12 01:23:03 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\toolplugin [2012.02.19 05:26:07 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Tuip [2012.02.08 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\uTorrent [2012.02.19 16:51:01 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Uxul [2011.10.05 01:42:24 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\XMedia Recode [2012.02.22 23:14:34 | 000,032,578 | 
---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.02.21 11:16:23 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job [2012.02.22 18:00:01 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job [2012.02.21 11:16:23 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job [2012.02.23 00:09:28 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F0D22D8E-63DE-495C-A124-30EA9EDCC705}.job ========== Purity Check ========== < End of report > Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.22.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19048
home :: ZENTRUM [Administrator]

Schutz: Aktiviert

22.02.2012 22:01:13
mbam-log-2012-02-22 (23-12-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 433780
Laufzeit: 1 Stunde(n), 10 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Windows\System32\TdmService.dll (RootKit.0Access.H) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4Y3Y0C3AZF7W1VWEMSSS (Trojan.SpyEyes) -> Daten: C:\Recycle.Bin\B6232F3ABA7.exe /q -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\Windows\System32\TdmService.dll (RootKit.0Access.H) -> Keine Aktion durchgeführt.
C:\Recycle.Bin\4B15856F7B043CD (Trojan.Spyeyes) -> Keine Aktion durchgeführt.

(Ende)