|
Plagegeister aller Art und deren Bekämpfung: Achtung windowssyset wurde blockiert - bezahlen und runterladen (der nächste)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.03.2012, 18:17 | #1 |
| Achtung windowssyset wurde blockiert - bezahlen und runterladen (der nächste) Guten Abend, wie soviele hats auch mich auch erwischt! Was ich bisher gemacht habe: - windows 7 (64bit) im abgesicherten modus gestartet - mam fullscan gemacht (6 trojaner gefunden und gelöscht) - mit otl.exe einen fullscan durch geführt - den log (otl.txt) ist unten in der textbox und die extras.txt im anhang schon im Voraus ein ganz grosses DANKESCHÖN für eure Hilfe!!! Code:
ATTFilter OTL logfile created on: 25.03.2012 17:48:40 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = M:\ 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,97 Gb Available Physical Memory | 87,17% Memory free 25,99 Gb Paging File | 25,12 Gb Available in Paging File | 96,65% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 163,03 Gb Total Space | 104,48 Gb Free Space | 64,09% Space Free | Partition Type: NTFS Drive D: | 113,55 Gb Total Space | 107,36 Gb Free Space | 94,55% Space Free | Partition Type: NTFS Drive E: | 51,24 Gb Total Space | 45,14 Gb Free Space | 88,10% Space Free | Partition Type: NTFS Drive F: | 302,73 Gb Total Space | 203,90 Gb Free Space | 67,35% Space Free | Partition Type: NTFS Drive G: | 119,33 Gb Total Space | 106,05 Gb Free Space | 88,87% Space Free | Partition Type: NTFS Drive H: | 181,64 Gb Total Space | 157,81 Gb Free Space | 86,88% Space Free | Partition Type: NTFS Drive I: | 6,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive K: | 2794,51 Gb Total Space | 2341,44 Gb Free Space | 83,79% Space Free | Partition Type: NTFS Drive L: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive M: | 14,92 Gb Total Space | 14,80 Gb Free Space | 99,19% Space Free | Partition Type: FAT32 Computer Name: REDDRAGON | User Name: Red Dragon | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.25 16:51:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- M:\OTL.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2009.08.10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV:64bit: - [2009.08.10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.10 22:16:09 | 003,340,064 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai) SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.08.02 23:55:16 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.06.01 18:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService) SRV - [2010.12.06 09:31:50 | 002,101,640 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.17 01:04:45 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.02.17 00:24:19 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Stopped] -- F:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009.06.18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.11.28 21:22:04 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2011.09.11 17:07:54 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.10.22 02:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn) DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010.07.07 22:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k) DRV:64bit: - [2010.07.07 22:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k) DRV:64bit: - [2010.07.07 22:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia) DRV:64bit: - [2010.07.07 22:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k) DRV:64bit: - [2010.07.07 22:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k) DRV:64bit: - [2010.07.07 22:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv) DRV:64bit: - [2010.07.07 22:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV:64bit: - [2010.07.07 22:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k) DRV:64bit: - [2010.07.07 22:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS) DRV:64bit: - [2010.07.07 22:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX) DRV:64bit: - [2010.07.07 22:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS) DRV:64bit: - [2010.07.07 22:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT) DRV:64bit: - [2010.07.07 22:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS) DRV:64bit: - [2010.07.07 22:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT) DRV:64bit: - [2009.11.23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.01 12:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.12.11 15:56:54 | 000,015,488 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Kone.sys -- (KoneFltr) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daum.net/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {4327FABE-3C22-4689-8DBF-D226CF777FE9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://plusnetwork.com/?sp=brw&q={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.selectedEngine: "Plus! Network" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://anime-loads.org/" FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4}:3.2.5.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://www.plusnetwork.com/?sp=addr&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.21 15:06:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.01 15:19:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Red Dragon\AppData\Roaming\11003 [2012.03.25 15:42:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{d591241b-9967-418c-9b7d-ee128131d60d}: C:\Program Files (x86)\GMX\GMX MultiMessenger\ThunderbirdSyncProxy [2010.06.09 22:04:23 | 000,000,000 | ---D | M] [2010.02.16 23:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Red Dragon\AppData\Roaming\mozilla\Extensions [2012.03.09 00:39:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Red Dragon\AppData\Roaming\mozilla\Firefox\Profiles\hfbz982x.default\extensions [2012.03.09 00:39:12 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Red Dragon\AppData\Roaming\mozilla\Firefox\Profiles\hfbz982x.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2012.03.09 00:39:18 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Red Dragon\AppData\Roaming\mozilla\Firefox\Profiles\hfbz982x.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} [2011.09.03 21:04:44 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Red Dragon\AppData\Roaming\mozilla\Firefox\Profiles\hfbz982x.default\extensions\bbrs_002@blabbers.com [2011.03.28 20:04:55 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Red Dragon\AppData\Roaming\mozilla\Firefox\Profiles\hfbz982x.default\extensions\engine@conduit.com [2011.03.12 01:03:52 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Red Dragon\AppData\Roaming\mozilla\Firefox\Profiles\hfbz982x.default\extensions\personas@christopher.beard [2010.12.09 22:36:51 | 000,000,935 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\conduit.xml [2012.03.22 03:11:07 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-1.xml [2011.09.19 01:07:56 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-10.xml [2011.10.11 17:28:10 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-11.xml [2011.11.20 20:26:42 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-12.xml [2011.12.23 23:24:47 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-13.xml [2011.03.23 15:52:55 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-2.xml [2011.05.08 21:40:35 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-3.xml [2011.05.12 21:43:01 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-4.xml [2011.06.24 20:37:38 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-5.xml [2011.07.06 23:18:29 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-6.xml [2011.08.18 00:20:29 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-7.xml [2011.09.03 20:46:05 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-8.xml [2011.09.03 21:24:35 | 000,000,950 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin-9.xml [2011.03.01 19:12:56 | 000,001,056 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\icqplugin.xml [2012.02.09 21:54:18 | 000,002,770 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\Plusnetwork.xml [2011.02.26 19:57:06 | 000,002,012 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\hfbz982x.default\searchplugins\xrnb-suche.xml [2011.12.23 23:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\RED DRAGON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HFBZ982X.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI [2012.03.21 15:06:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.03.10 01:38:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.10 01:38:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.10 01:38:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.10 01:38:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.10 01:38:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.10 01:38:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (GigagetIEHelper Class) - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\Windows\SysWOW64\gigagetbho_v10.dll (Giganology Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Red Dragon\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [SkypePM] C:\Users\Red Dragon\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Download All by Gigaget - C:\Program Files (x86)\Giganology\Gigaget\getallurl.htm () O8:64bit: - Extra context menu item: &Download by Gigaget - C:\Program Files (x86)\Giganology\Gigaget\geturl.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files (x86)\Giganology\Gigaget\getallurl.htm () O8 - Extra context menu item: &Download by Gigaget - C:\Program Files (x86)\Giganology\Gigaget\geturl.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: SecretCity 3DChat - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - F:\Games\SECRET~1\\SECRET~1.EXE File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A69CD0CB-A076-43B9-9922-CE04A4BE251F}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F390E956-F9DD-422B-8C74-7CC75343B3F5}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\base64 - No CLSID value found O18:64bit: - Protocol\Handler\chrome - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\prox - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.11.09 12:28:28 | 000,190,342 | R--- | M] () - I:\Autorun.ico -- [ UDF ] O32 - AutoRun File - [2012.02.04 04:49:26 | 000,000,106 | R--- | M] () - I:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2011.10.11 16:43:59 | 000,000,000 | ---- | M] () - K:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - L:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{1610ed77-3fdb-11df-b895-001f3f07e0fa}\Shell - "" = AutoRun O33 - MountPoints2\{1610ed77-3fdb-11df-b895-001f3f07e0fa}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] () O33 - MountPoints2\{27fec4a2-4257-11df-a0f1-001f3f07e0fa}\Shell - "" = AutoRun O33 - MountPoints2\{f0533075-1414-11e0-b209-00235473cd4b}\Shell - "" = AutoRun O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Installer.exe O33 - MountPoints2\L\Shell - "" = AutoRun O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.25 15:42:24 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Roaming\11003 [2012.03.25 15:42:07 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Roaming\xmldm [2012.03.25 15:42:04 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Roaming\kock [2012.03.13 20:55:59 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.03.13 20:55:59 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.03.13 20:55:58 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.03.13 20:53:42 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.03.13 20:53:41 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.03.13 20:53:41 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.03.13 20:53:40 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.03.13 20:53:19 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012.03.13 20:53:19 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012.03.13 20:53:19 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012.03.11 17:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.03.11 17:49:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.03.10 21:19:05 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Local\Daum [2012.03.10 21:19:04 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Roaming\PotPlayer64 [2012.03.10 21:18:41 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum [2012.03.10 21:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum [2012.03.10 21:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\PotPlayer [2012.03.09 00:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2012.03.08 23:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3 [2012.03.08 23:37:15 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2012.03.08 23:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2012.03.08 23:03:56 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Roaming\Origin [2012.03.08 23:03:49 | 000,000,000 | ---D | C] -- C:\Users\Red Dragon\AppData\Local\Origin [2012.03.08 23:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2012.03.08 23:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2012.02.24 22:42:44 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.02.24 22:42:44 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.02.24 22:42:43 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.02.24 22:42:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.02.24 22:42:43 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.02.24 22:42:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.02.24 22:42:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.02.24 22:42:42 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.02.24 22:42:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.02.24 22:42:42 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.02.24 22:42:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.02.24 22:42:12 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012.02.24 22:42:05 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012.02.24 22:42:03 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012.02.24 22:42:03 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Red Dragon\AppData\Roaming\*.tmp files -> C:\Users\Red Dragon\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.25 17:22:45 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.25 17:22:45 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.25 17:22:45 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.25 17:22:45 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.25 17:22:45 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.25 17:17:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.25 17:17:31 | 2146,344,959 | -HS- | M] () -- C:\hiberfil.sys [2012.03.25 17:00:49 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012.03.25 17:00:49 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2012.03.25 17:00:49 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job [2012.03.25 17:00:49 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Red Dragon-Startup.job [2012.03.25 15:53:40 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx [2012.03.25 15:53:40 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx [2012.03.25 15:53:40 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx [2012.03.25 15:42:17 | 000,280,056 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\AcroIEHelpe.dll [2012.03.25 15:42:17 | 000,005,624 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\BAcroIEHelpe.dll [2012.03.25 15:42:14 | 000,000,016 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\blckdom.res [2012.03.25 15:38:48 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.25 15:38:48 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.22 18:43:52 | 635,913,881 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.03.14 18:54:36 | 000,304,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.11 17:49:13 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.03.10 21:18:47 | 000,000,854 | ---- | M] () -- C:\Users\Red Dragon\Desktop\PotPlayer x64 Playback Only.lnk [2012.03.10 21:18:47 | 000,000,826 | ---- | M] () -- C:\Users\Red Dragon\Desktop\PotPlayer x64.lnk [2012.03.08 23:37:22 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk [2012.03.08 23:03:39 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2012.02.25 02:31:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.02.25 02:26:42 | 000,000,412 | ---- | M] () -- C:\Users\Red Dragon\AppData\Roaming\All CPU Meter_Settings.ini [2012.02.24 22:48:13 | 001,590,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Red Dragon\AppData\Roaming\*.tmp files -> C:\Users\Red Dragon\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.25 15:42:17 | 000,280,056 | ---- | C] () -- C:\Users\Red Dragon\AppData\Roaming\AcroIEHelpe.dll [2012.03.25 15:42:17 | 000,005,624 | ---- | C] () -- C:\Users\Red Dragon\AppData\Roaming\BAcroIEHelpe.dll [2012.03.25 15:42:14 | 000,000,016 | ---- | C] () -- C:\Users\Red Dragon\AppData\Roaming\blckdom.res [2012.03.10 21:18:47 | 000,000,854 | ---- | C] () -- C:\Users\Red Dragon\Desktop\PotPlayer x64 Playback Only.lnk [2012.03.10 21:18:47 | 000,000,826 | ---- | C] () -- C:\Users\Red Dragon\Desktop\PotPlayer x64.lnk [2012.03.08 23:37:22 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk [2012.03.08 23:03:39 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.11 18:38:11 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.06.23 13:50:19 | 000,000,412 | ---- | C] () -- C:\Users\Red Dragon\AppData\Roaming\All CPU Meter_Settings.ini [2011.05.29 17:12:21 | 000,000,353 | ---- | C] () -- C:\Users\Red Dragon\AppData\Roaming\Network Meter_Settings.ini [2011.05.29 17:10:22 | 000,000,339 | ---- | C] () -- C:\Users\Red Dragon\AppData\Roaming\Drives Meter_Settings.ini [2011.03.06 20:56:37 | 000,000,127 | ---- | C] () -- C:\Users\Red Dragon\AppData\Roaming\default.rss [2011.02.25 00:09:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.26 22:12:55 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2010.07.07 21:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2010.07.07 20:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2010.07.07 20:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2010.07.07 20:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2010.07.07 20:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2010.07.07 20:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2010.07.07 20:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe ========== LOP Check ========== [2012.03.25 15:42:24 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\11003 [2010.09.12 16:01:44 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Acreon [2010.03.14 16:58:18 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Amazon [2012.02.03 20:36:01 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\BitTorrent [2010.11.28 20:36:04 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Canon [2011.08.07 13:42:12 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\com.socialbox.socialbox [2010.06.09 22:04:50 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\GMX [2011.11.23 21:13:31 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\ICQ [2012.03.25 15:42:04 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\kock [2010.12.01 19:35:58 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Leadertech [2011.09.03 20:41:44 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Lionhead Studios [2011.02.13 22:35:10 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Mount&Blade Warband [2010.03.28 20:35:11 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\OCS [2010.03.28 20:35:13 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Opera [2012.03.08 23:05:25 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Origin [2012.03.10 21:19:05 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\PotPlayer64 [2010.02.19 00:15:13 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\ROCCAT [2011.10.11 16:45:55 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Seagate [2012.01.16 20:01:02 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Stardock [2011.05.28 14:00:39 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\TS3Client [2011.05.22 21:45:02 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\ts3overlay [2011.09.11 16:32:37 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\Uniblue [2012.03.25 15:42:07 | 000,000,000 | ---D | M] -- C:\Users\Red Dragon\AppData\Roaming\xmldm [2012.03.25 17:00:49 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job [2012.03.25 17:00:49 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job [2011.11.20 19:25:24 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.25 17:00:49 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\SpeedUpMyPC.job [2012.03.25 17:00:49 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Red Dragon-Startup.job ========== Purity Check ========== < End of report > |
27.03.2012, 19:58 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Achtung windowssyset wurde blockiert - bezahlen und runterladen (der nächste)Zitat:
__________________ |
28.03.2012, 19:33 | #3 |
| Achtung windowssyset wurde blockiert - bezahlen und runterladen (der nächste) hier bitte mam fullscan log:
__________________Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 6858 Windows 6.1.7601 Service Pack 1 (Safe Mode) Internet Explorer 9.0.8112.16421 25.03.2012 16:57:56 mbam-log-2012-03-25 (16-57-56).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|) Durchsuchte Objekte: 400370 Laufzeit: 35 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 5 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Trojan.Agent) -> Value: Userinit -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\red dragon\AppData\Local\Temp\0.03404377285015803.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\red dragon\AppData\Local\Temp\0.08604172183910042.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\red dragon\AppData\Local\Temp\0.09476582688901602.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\red dragon\AppData\Local\Temp\0.7229209892453373.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\red dragon\AppData\Roaming\appconf32.exe (Trojan.Agent) -> Quarantined and deleted successfully. |
29.03.2012, 10:33 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Achtung windowssyset wurde blockiert - bezahlen und runterladen (der nächste)Zitat:
Starte im abgesicherten Modus mit Netzwerktreibern, dort Malwarebytes wieder starten und updaten!! Wichtig ist, dass du erst die neue Version von Malwarebytes neu runterlädst, dann nach der Installation nochmal updatest (auf den Update-Button in Malwarebytes klicken) Mach dann wieder einen Vollscan Abgesicherter Modus zur Bereinigung
__________________ Logfiles bitte immer in CODE-Tags posten |
29.03.2012, 22:51 | #5 |
| Achtung windowssyset wurde blockiert - bezahlen und runterladen (der nächste) Geht im abgesicherten Modus mit Netzwerktreibern auch Wlan per USB? ^^ weil meiner will nicht so recht oder ich muss my ganzen pc zum wlan schleppen und kabel benutzen. Hier bitte die neue MAM Log: Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.01.13.04 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Red Dragon :: REDDRAGON [Administrator] Schutz: Deaktiviert 29.03.2012 22:44:24 mbam-log-2012-03-29 (22-44-24).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 418137 Laufzeit: 44 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
30.03.2012, 10:09 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Achtung windowssyset wurde blockiert - bezahlen und runterladen (der nächste)Zitat:
Hast du kein Netzwerkkabel da um dich mal kurz per Kabel am Router zu verbinden?
__________________ --> Achtung windowssyset wurde blockiert - bezahlen und runterladen (der nächste) |
30.03.2012, 20:32 | #7 |
| Achtung windowssyset wurde blockiert - bezahlen und runterladen (der nächste) Bin per kabel angeschlossen Hier der neue MAM Log: Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.30.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Red Dragon :: REDDRAGON [Administrator] Schutz: Aktiviert 30.03.2012 19:24:01 mbam-log-2012-03-30 (19-24-01).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 439071 Laufzeit: 1 Stunde(n), 3 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Users\Red Dragon\AppData\Local\Skype\SkypePM.exe (Virus.Agent) -> 940 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCR\CLSID\{6764C5ED-CEE4-42ae-8F31-23F02A3A661F} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6764C5ED-CEE4-42AE-8F31-23F02A3A661F} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SkypePM (Virus.Agent) -> Daten: C:\Users\Red Dragon\AppData\Local\Skype\SkypePM.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Red Dragon\AppData\Local\Skype\SkypePM.exe (Virus.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Red Dragon\AppData\Roaming\AcroIEHelpe.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
30.03.2012, 21:09 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Achtung windowssyset wurde blockiert - bezahlen und runterladen (der nächste) Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
30.03.2012, 23:10 | #9 |
| Achtung windowssyset wurde blockiert - bezahlen und runterladen (der nächste) Hier der ESET Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=7916aac0469156418dc3eca9d83fd278 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-03-30 09:52:46 # local_time=2012-03-30 11:52:46 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 437095 437095 0 0 # compatibility_mode=5893 16776574 100 94 10758 84768858 0 0 # compatibility_mode=8192 67108863 100 0 140 140 0 0 # scanned=244318 # found=18 # cleaned=0 # scan_time=5358 C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spnotifier.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I C:\Users\Red Dragon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIWVK5RK\index-functions[3].js Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Users\Red Dragon\AppData\Local\Mozilla\Firefox\Profiles\hfbz982x.default\Cache\1\51\517BDd01 HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I C:\Users\Red Dragon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\7ba65a9e-438fd0fb Java/Exploit.Agent.NAO trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Red Dragon\AppData\Roaming\BAcroIEHelpe.dll Win32/Spy.Banker.XOR trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Red Dragon\AppData\Roaming\11003\components\AcroFF.dll Win32/Spy.Banker.XOS trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Red Dragon\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I C:\Users\Red Dragon\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\ub.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I ${Memory} multiple threats 00000000000000000000000000000000 I |
30.03.2012, 23:20 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Achtung windowssyset wurde blockiert - bezahlen und runterladen (der nächste)Zitat:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen. Zerstörst Du die Registry, zerstörst Du Windows.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Achtung windowssyset wurde blockiert - bezahlen und runterladen (der nächste) |
autorun, bho, blockiert, canon, cpu, defender, download, error, explorer, explorer.exe, firefox, format, gelöscht, helper, hilfe!!, launch, log, logfile, malwarebytes, microsoft, nvidia, origin, plug-in, registry, rojaner gefunden, searchscopes, software, stick, trojaner, trojaner gefunden, version=1.0, windows, winlogon |