Log Analysis and Evaluation: Black Desktop, Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps towards help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.03.2012, 18:37 | #1

Black Desktop

Hello NG, my PC suddenly has the problem that this message appears: Failed to save the components for the file \\system32\00006449. I ran a scan with OTL and one with Malwarebytes. Here is the content of the three files. What can I do?

OTL.txt (OTL logfile):
OTL logfile created on: 19.03.2012 18:24:12 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\roling.GEO\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,99 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 73,20% Memory free
15,98 Gb Paging File | 13,11 Gb Available in Paging File | 82,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 2,38 Gb Free Space | 3,20% Space Free | Partition Type: NTFS
Drive E: | 111,00 Gb Total Space | 29,76 Gb Free Space | 26,81% Space Free | Partition Type: NTFS
Drive H: | 153,38 Gb Total Space | 40,03 Gb Free Space | 26,10% Space Free | Partition Type: NTFS
Computer Name: GM-ROLING | User Name: roling | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.03.19 18:09:51 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\roling.GEO\Downloads\OTL.exe
PRC - [2012.03.19 17:46:11 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.02.06 17:57:10 | 000,934,240 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.02.06 17:49:30 | 000,748,440 | ---- | M] (Spigot, Inc.)
-- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.01.13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.03.01 10:58:06 | 000,122,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsComProviderSvr.exe PRC - [2011.01.27 16:51:04 | 002,253,688 | -H-- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.10.12 17:28:26 | 000,726,456 | -H-- | M] (Citrix Systems, Inc.) -- C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\wfcrun32.exe PRC - [2010.10.12 17:24:38 | 000,304,568 | -H-- | M] (Citrix Systems, Inc.) 
-- C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\concentr.exe PRC - [2010.09.08 09:31:40 | 000,886,512 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe PRC - [2010.09.08 08:45:24 | 000,387,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2010.09.08 08:44:26 | 001,931,144 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe PRC - [2010.09.08 08:38:06 | 004,600,240 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe PRC - [2010.09.08 08:36:52 | 000,955,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe PRC - [2010.09.03 14:07:46 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2009.08.19 03:10:00 | 001,705,280 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe PRC - [2006.02.02 00:49:14 | 000,204,800 | ---- | M] () -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE PRC - [2006.02.02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe ========== Modules (No Company Name) ========== MOD - [2012.03.19 17:46:10 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.03.06 15:55:38 | 000,085,288 | -H-- | M] () -- C:\Users\roling.GEO\AppData\Roaming\Mozilla\Firefox\Profiles\uqkop9tv.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}\components\RadioWMPCoreGecko11.dll MOD - [2012.02.23 12:37:50 | 001,925,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b6139cfbdbdc57c3ff421204292f4041\System.Web.Services.ni.dll MOD - [2012.02.23 12:37:13 | 000,381,440 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\7e5e3868644fb0d43e06669eb81b102c\Microsoft.TeamFoundation.VersionControl.Common.ni.dll MOD - [2012.02.23 12:37:09 | 001,249,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\9a8f24b79685c4277bf94a9733fb5ee5\Microsoft.TeamFoundation.Common.ni.dll MOD - [2012.02.23 12:37:07 | 001,530,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\076512600a445b70f51713d3e8ba3cb7\Microsoft.TeamFoundation.ni.dll MOD - [2012.02.21 18:11:46 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll MOD - [2012.02.21 18:11:45 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll MOD - [2012.02.21 18:11:43 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll MOD - [2012.02.21 18:11:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll MOD - [2012.02.21 18:11:38 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll MOD - [2012.02.21 18:11:36 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll MOD - [2012.02.21 18:11:32 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll MOD - [2011.03.01 11:01:48 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\x86\TfsComProviderStub.DLL ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 
02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2008.07.29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV - [2012.02.06 17:49:30 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2011.01.27 16:51:04 | 002,253,688 | -H-- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.11.20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.09.08 08:45:36 | 001,084,320 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.09.08 08:44:26 | 001,931,144 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common 
Files\Acronis\Agent\agent.exe -- (AcronisAgent) SRV - [2010.09.08 08:38:06 | 004,600,240 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe -- (MMS) SRV - [2010.09.03 14:07:46 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.03.31 07:01:40 | 000,229,376 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oracle\11.2.0\client_2\bin\CMGW.EXE -- (OracleOraClient11g_home2CMan) SRV - [2010.03.31 07:01:30 | 000,745,472 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oracle\11.2.0\client_2\bin\CMADMIN.EXE -- (OracleOraClient11g_home2CMAdmin) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.19 03:10:00 | 001,705,280 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006.02.02 00:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent) SRV - [2006.02.02 00:49:14 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener) SRV - [2006.02.02 00:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService) SRV - [2006.02.02 00:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE) SRV - [2006.02.02 00:43:44 | 
059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.17 17:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd) DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft 
Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.21 10:03:01 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2010.09.21 09:59:13 | 000,278,112 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2010.07.14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm) DRV:64bit: - [2009.09.17 19:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 33 D8 EC 23 57 CC 01 [binary data] IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\5.0\dealioToolbarIE.dll (Spigot, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {85C5EF5F-94A4-4014-81F5-376B4F6F8CBC} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{42A49609-C0FD-4150-9B29-7BE20C066658}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{85C5EF5F-94A4-4014-81F5-376B4F6F8CBC}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{8B87A6DA-0979-492A-B074-FE978878BFB4}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{E5F9DBB2-17CC-4082-8174-AB2106937A19}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=867034&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 17:46:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.12 07:54:36 | 000,000,000 | ---D | M] [2010.07.02 06:35:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\roling.GEO\AppData\Roaming\mozilla\Extensions [2012.03.16 08:08:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\roling.GEO\AppData\Roaming\mozilla\Firefox\Profiles\uqkop9tv.default\extensions [2012.03.07 07:44:44 | 000,000,000 | -H-D | M] (Bigpoint Games DE Community Toolbar) -- C:\Users\roling.GEO\AppData\Roaming\mozilla\Firefox\Profiles\uqkop9tv.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e} [2011.03.07 14:11:47 | 000,000,000 | -H-D | M] (Bundeskampf Toolbar) -- C:\Users\roling.GEO\AppData\Roaming\mozilla\Firefox\Profiles\uqkop9tv.default\extensions\bundeskampftoolbar@spielwerk.gmbh [2011.03.24 16:40:52 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\roling.GEO\AppData\Roaming\mozilla\Firefox\Profiles\uqkop9tv.default\extensions\engine@conduit.com [2012.01.09 07:45:55 | 
000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.03.19 17:46:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.10.12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010.10.12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010.10.12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010.10.12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.10.12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010.10.12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012.02.07 07:50:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.07 07:50:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.07 07:50:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.07 07:50:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.07 07:50:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.07 07:50:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\5.0\dealioToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\5.0\dealioToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Bundeskampf) - {16487639-F41C-421C-B909-BC7E01937C7D} - C:\PROGRA~2\BUNDES~1\BUNDES~1.DLL (Spielwerk) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [BackupAndRecoveryMonitor.exe] C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe (Acronis) O4 - HKLM..\Run: [ConnectionCenter] C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) 
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TrayMonitor.exe] C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe (Acronis) O4 - Startup: C:\Users\roling.GEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\roling.GEO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\roling.GEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyTime.lnk = C:\tools\MyTime\MyTime.exe (Geomapping GmbH) O4 - Startup: C:\Users\roling.GEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\roling.GEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.230 217.237.148.70 217.237.150.115 217.237.149.142 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = geo.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D39079C9-1FED-498E-BDD6-EEE27FDCCFD4}: DhcpNameServer = 192.168.100.230 217.237.148.70 217.237.150.115 217.237.149.142 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D39079C9-1FED-498E-BDD6-EEE27FDCCFD4}: NameServer = 192.168.100.230,8.8.8.8 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID 
value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.19 18:01:28 | 000,000,000 | ---D | C] -- C:\Users\roling.GEO\AppData\Roaming\Malwarebytes
[2012.03.19 18:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.19 18:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.19 18:01:13 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.19 18:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.19 17:21:33 | 000,000,000 | -H-D | C] -- C:\Users\roling.GEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.14 18:10:13 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.14 18:10:13 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.14 18:10:12 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.14 07:25:40 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 07:25:07 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.14 07:25:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.14 07:25:07 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.14 07:24:58 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.14 07:24:57 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.02.20 15:29:53 | 000,000,000 | -H-D | C] -- C:\Users\roling.GEO\Documents\BASF
[2012.02.20 07:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.02.20 07:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.02.20 07:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dealio Toolbar

========== Files - Modified Within 30 Days ==========

[2012.03.19 18:22:06 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 18:22:06 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 18:14:28 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.19 18:14:23 | 000,000,432 | -H-- | M] () -- C:\Windows\BRWMARK.INI
[2012.03.19 18:13:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.19 18:13:49 | 2140,442,623 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.19 18:03:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.19 18:01:18 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.19 17:23:15 | 000,000,456 | -H-- | M] () -- C:\ProgramData\JKQkOiWUmen8jV
[2012.03.19 17:21:34 | 000,000,653 | -H-- | M] () -- C:\Users\roling.GEO\Desktop\System Check.lnk
[2012.03.19 17:21:34 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~JKQkOiWUmen8jV
[2012.03.19 17:21:34 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~JKQkOiWUmen8jVr
[2012.03.19 17:21:23 | 000,353,792 | -H-- | M] () -- C:\ProgramData\JKQkOiWUmen8jV.exe
[2012.03.19 09:39:19 | 001,777,726 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.19 09:39:19 | 000,761,294 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.19 09:39:19 | 000,705,014 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.19 09:39:19 | 000,174,806 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.19 09:39:19 | 000,141,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.19 09:39:01 | 000,001,647 | -H-- | M] () -- C:\Users\roling.GEO\2-1359952.WibuCmRaC
[2012.03.16 09:05:24 | 000,001,016 | -H-- | M] () -- C:\Users\roling.GEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.03.16 09:05:00 | 000,000,994 | -H-- | M] () -- C:\Users\roling.GEO\Desktop\Dropbox.lnk
[2012.03.15 08:00:56 | 000,446,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.09 09:31:05 | 000,026,156 | -H-- | M] () -- C:\Users\roling.GEO\.recently-used.xbel
[2012.03.06 11:19:29 | 000,007,485 | -H-- | M] () -- C:\Users\roling.GEO\Documents\ibburg.lsd
[2012.02.22 07:38:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.02.21 18:14:09 | 001,758,428 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012.03.19 18:01:18 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.19 17:21:34 | 000,000,653 | -H-- | C] () -- C:\Users\roling.GEO\Desktop\System Check.lnk
[2012.03.19 17:21:34 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~JKQkOiWUmen8jV
[2012.03.19 17:21:34 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~JKQkOiWUmen8jVr
[2012.03.19 17:21:28 | 000,000,456 | -H-- | C] () -- C:\ProgramData\JKQkOiWUmen8jV
[2012.03.19 17:21:23 | 000,353,792 | -H-- | C] () -- C:\ProgramData\JKQkOiWUmen8jV.exe
[2012.03.19 09:39:01 | 000,001,647 | -H-- | C] () -- C:\Users\roling.GEO\2-1359952.WibuCmRaC
[2012.03.09 09:31:05 | 000,026,156 | -H-- | C] () -- C:\Users\roling.GEO\.recently-used.xbel
[2012.03.06 11:19:29 | 000,007,485 | -H-- | C] () -- C:\Users\roling.GEO\Documents\ibburg.lsd
[2012.02.15 09:32:50 | 000,005,632 | -H-- | C] () -- C:\Users\roling.GEO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.31 14:07:36 | 000,229,428 | ---- | C] () -- C:\Windows\SysWow64\pmtols.dll
[2011.08.25 16:31:43 | 000,007,602 | -H-- | C] () -- C:\Users\roling.GEO\AppData\Local\Resmon.ResmonCfg
[2011.02.10 10:24:33 | 034,593,359 | -H-- | C] () -- C:\ProgramData\Projects.zip

< End of report >

Malwarebytes log file: mbam-log-2012-03-19 (18-02-02).txt

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
roling :: GM-ROLING [Administrator]

Protection: Enabled

19.03.2012 18:02:02
mbam-log-2012-03-19 (18-02-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 304433
Time elapsed: 10 minute(s), 26 second(s)

Memory Processes Detected: 1
C:\ProgramData\hVcFymSUOVmBXKV.exe (Rogue.FakeHDD) -> 2688 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|hVcFymSUOVmBXKV.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\hVcFymSUOVmBXKV.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\hVcFymSUOVmBXKV.exe (Rogue.FakeHDD) -> Delete on reboot.

(end)

protection-log-2012-03-19.txt

2012/03/19 18:01:57 +0100 GM-ROLING roling MESSAGE Starting protection
2012/03/19 18:01:57 +0100 GM-ROLING roling MESSAGE Executing scheduled update: Daily
2012/03/19 18:01:57 +0100 GM-ROLING roling MESSAGE Database already up-to-date
2012/03/19 18:01:58 +0100 GM-ROLING roling MESSAGE Protection started successfully
2012/03/19 18:02:01 +0100 GM-ROLING roling MESSAGE Starting IP protection
2012/03/19 18:02:02 +0100 GM-ROLING roling MESSAGE IP Protection started successfully
2012/03/19 18:13:05 +0100 GM-ROLING (null) IP-BLOCK 217.23.9.189 (Type: outgoing, Port: 49246, Process: jkqkoiwumen8jv.exe)
2012/03/19 18:13:05 +0100 GM-ROLING (null) IP-BLOCK 141.136.16.61 (Type: outgoing, Port: 49247, Process: jkqkoiwumen8jv.exe)
2012/03/19 18:14:53 +0100 GM-ROLING roling MESSAGE Starting protection
2012/03/19 18:14:59 +0100 GM-ROLING roling MESSAGE Protection started successfully
2012/03/19 18:15:02 +0100 GM-ROLING roling MESSAGE Starting IP protection
2012/03/19 18:15:03 +0100 GM-ROLING roling MESSAGE IP Protection started successfully
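The three logs above carry the same finding in three forms: OTL lists a hidden executable with no company name and a random name under C:\ProgramData together with a hidden "System Check" shortcut on the Desktop, the Malwarebytes scan names the family (Rogue.FakeHDD), and the protection log shows that kind of process being blocked on outbound connections. As an added example, not part of the post and not code from OTL or Malwarebytes, the Python script below parses the two line formats, flags OTL entries that collect two or more of those indicators, and joins flagged names to the IP-BLOCK process field. The sample lines are copied from the logs above; the drop-directory list, the name-randomness rule and the two-indicator threshold are the example's own assumptions.

```python
"""Added triage example for the two log formats in the post above (OTL file entries, Malwarebytes
protection log). Not code from OTL, Malwarebytes or the poster; heuristics and threshold are assumptions."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample input: lines excerpted verbatim from the logs posted above.
OTL_SAMPLE = r"""
[2012.03.19 18:01:13 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.19 17:21:33 | 000,000,000 | -H-D | C] -- C:\Users\roling.GEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.19 17:21:34 | 000,000,653 | -H-- | C] () -- C:\Users\roling.GEO\Desktop\System Check.lnk
[2012.03.19 17:21:23 | 000,353,792 | -H-- | C] () -- C:\ProgramData\JKQkOiWUmen8jV.exe
[2011.10.31 14:07:36 | 000,229,428 | ---- | C] () -- C:\Windows\SysWow64\pmtols.dll
"""
MBAM_SAMPLE = """
2012/03/19 18:01:57 +0100 GM-ROLING roling MESSAGE Starting protection
2012/03/19 18:13:05 +0100 GM-ROLING (null) IP-BLOCK 217.23.9.189 (Type: outgoing, Port: 49246, Process: jkqkoiwumen8jv.exe)
2012/03/19 18:13:05 +0100 GM-ROLING (null) IP-BLOCK 141.136.16.61 (Type: outgoing, Port: 49247, Process: jkqkoiwumen8jv.exe)
"""

# OTL entry: [date time | size | attrs | C/M] (company) -- path   ("(company)" is absent for folders)
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")
# Malwarebytes protection-log IP-BLOCK line (MESSAGE lines do not match)
MBAM_BLOCK_RE = re.compile(
    r"^(?P<ts>\S+ \S+) [+-]\d{4} \S+ \S+ IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<dir>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$")

@dataclass(frozen=True)
class OtlFile:
    timestamp: str
    size: int
    attrs: str     # OTL flags: H = hidden, S = system, D = directory ("-H--", "-HS-", "---D")
    kind: str      # "C" = Created section, "M" = Modified section
    company: str   # company from the version resource, "" when none
    path: str
    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

@dataclass(frozen=True)
class IpBlock:
    ip: str
    direction: str
    port: int
    process: str   # image name as Malwarebytes writes it: lower case

def parse_otl_files(text: str) -> List[OtlFile]:
    """Parse every OTL file/folder entry in text; lines in other formats are ignored."""
    matches = filter(None, (OTL_FILE_RE.match(l.strip()) for l in text.splitlines()))
    return [OtlFile(m["ts"], int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                    (m["company"] or "").strip(), m["path"]) for m in matches]

def parse_mbam_ip_blocks(text: str) -> List[IpBlock]:
    """Parse IP-BLOCK lines from a Malwarebytes protection log."""
    matches = filter(None, (MBAM_BLOCK_RE.match(l.strip()) for l in text.splitlines()))
    return [IpBlock(m["ip"], m["dir"], int(m["port"]), m["proc"].lower()) for m in matches]

EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".sys"}
DROP_DIRS = ("c:\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\")  # assumed list

def looks_random(stem: str) -> bool:
    """10+ alphanumerics, mixed case after the first char (JKQkOiWUmen8jV). CamelCase also matches."""
    tail = stem[1:]
    return (re.fullmatch(r"[A-Za-z0-9]{10,}", stem) is not None
            and any(c.isupper() for c in tail) and any(c.islower() for c in tail))

def suspicious_files(files: List[OtlFile]) -> List[Tuple[OtlFile, List[str]]]:
    """Return (entry, reasons) for entries that collect at least two independent indicators."""
    findings = []
    for f in files:
        low, name_low = f.path.lower(), f.name.lower()
        ext = name_low[name_low.rfind("."):] if "." in name_low else ""
        stem = f.name[:len(f.name) - len(ext)]
        hidden = "H" in f.attrs
        payload = ext in EXEC_EXT and any(d in low for d in DROP_DIRS)
        shortcut = ext == ".lnk" and ("\\desktop\\" in low or "\\start menu\\" in low)
        checks = [(payload, "executable in a user-writable drop location"),
                  (shortcut, "shortcut created on Desktop/Start Menu"),
                  ((payload or shortcut) and hidden, "hidden attribute set"),
                  (payload and not f.company, "no company name in version resource"),
                  (payload and looks_random(stem), "random-looking file name")]
        reasons = [text for cond, text in checks if cond]
        if len(reasons) >= 2:
            findings.append((f, reasons))
    return findings

def correlate(findings: List[Tuple[OtlFile, List[str]]], blocks: List[IpBlock]) -> Dict[str, List[str]]:
    """Map each flagged file name to the remote IPs its process was blocked from reaching
    (case-insensitive: OTL keeps the on-disk case, Malwarebytes lower-cases the image name)."""
    out: Dict[str, List[str]] = {}
    for f, _ in findings:
        ips = [b.ip for b in blocks if b.process == f.name.lower() and b.direction == "outgoing"]
        if ips:
            out[f.name] = ips
    return out

if __name__ == "__main__":
    flagged = suspicious_files(parse_otl_files(OTL_SAMPLE))
    print(correlate(flagged, parse_mbam_ip_blocks(MBAM_SAMPLE)))
```

Two details from these logs matter for a run on the full files. OTL prints the on-disk name JKQkOiWUmen8jV.exe while the protection log prints jkqkoiwumen8jv.exe, so the join has to be case-insensitive. And the scan at 18:02 quarantined C:\ProgramData\hVcFymSUOVmBXKV.exe, while the IP-BLOCK lines at 18:13 and the OTL run at 18:24 still show the JKQkOiWUmen8jV copy, so a single quarantine result is not the end of the triage; the random-name rule exists precisely so that the second copy is caught without knowing its name in advance.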
20.03.2012, 10:31 | #2 |
Schwarzer Desktop
Hello NG,
I have restored the whole machine from an old backup and got it running correctly again. Thanks to everyone who has already looked into my problem. So no further work is needed. Thanks and best regards, Martin