Log Analysis and Evaluation: Bundespolizei locks computer (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.06.2012, 17:41 | #1
Bundespolizei locks computer

Hello, I caught this nice virus today: the Bundespolizei has supposedly locked my computer and now wants 100€ from me via ukash. First I started my PC (Win7) in Safe Mode and ran a full scan with Malwarebytes. A few things were found and cleaned, but unfortunately not the "problem virus". How should I proceed now?

OTL.txt:
Code:
OTL logfile created on: 21.06.2012 17:45:09 - Run 2
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\iDGames\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,45% Memory free
4,00 Gb Paging File | 3,58 Gb Available in Paging File | 89,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698,54 Gb Total Space | 280,61 Gb Free Space | 40,17% Space Free | Partition Type: NTFS
Drive E: | 698,63 Gb Total Space | 113,84 Gb Free Space | 16,29% Space Free | Partition Type: NTFS

Computer Name: IDGAMES-PC | User Name: iDGames | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\*****\Desktop\Defogger.exe ()
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Users\*****\Desktop\Defogger.exe ()
MOD - C:\Program Files\TortoiseSVN\bin\libsasl32.dll ()

========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (DAUpdaterSvc) -- C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys File not found
DRV - (catchme) -- C:\Users\*****\AppData\Local\Temp\catchme.sys File not found
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (cpuz135) -- C:\Windows\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_Prot
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 20 D5 E0 53 B7 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_3.6@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2011.11.25 00:03:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 17:57:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.30 09:56:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.13 18:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_13.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_13.0

[2011.02.01 20:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Extensions
[2011.02.01 20:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.30 12:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ue5mwyyq.default\extensions
[2012.05.30 09:57:25 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ue5mwyyq.default\extensions\ich@maltegoetz.de
[2011.07.13 22:58:37 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ue5mwyyq.default\extensions\plugin@yontoo.com
[2012.05.30 09:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.16 17:57:27 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.30 09:56:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.07.13 22:58:47 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.05.30 09:56:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.30 09:56:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012.05.30 09:56:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.30 09:56:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.30 09:56:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: RayV Plugin (Enabled) = C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Google Update (Enabled) = C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Facemoods = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\
CHR - Extension: Facemoods = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\facemoods\
CHR - Extension: uTorrentBar_DE = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.7.1_0\
CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010.10.21 12:54:12 | 000,000,253 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll File not found
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ddjtszsjbfxqech] C:\ProgramData\ddjtszsj.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MPlayerForWindows_UpdateReminder] C:\Program Files\MPlayer for Windows\AutoUpdate.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [buaf.exe] C:\Users\*****\AppData\Roaming\Oxbese\buaf.exe File not found
O4 - HKCU..\Run: [ddjtszsjbfxqech] C:\ProgramData\ddjtszsj.exe ()
O4 - HKCU..\Run: [FEXeTWLLHYgf.exe] C:\ProgramData\FEXeTWLLHYgf.exe File not found
O4 - HKCU..\Run: [jLpXt81ORDzYEi] C:\ProgramData\jLpXt81ORDzYEi.exe File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript File not found
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00DE7E49-F32A-4DEA-A7FC-30250B210C0B}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: lsmmmc - (C:\Windows\system32\atiestrB.dll) - File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.21 15:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ogbfcdbswaqbodd
[2012.06.19 01:45:28 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\FUCKED WITH TAMPON INSIDE VAG & FORCED Anal While Menstruation
[2012.06.18 00:32:08 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\01.Sheryl.Crow.-.All.I.Wanna.Do
[2012.06.17 11:26:43 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\BoB
[2012.06.16 23:17:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.06.15 16:10:35 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Nexus Mod Manager
[2012.06.15 16:10:35 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Black_Tree_Gaming
[2012.06.15 16:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2012.06.15 16:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2012.06.12 20:39:44 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
[2012.06.11 20:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2012.06.07 12:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.06.07 12:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.06.07 12:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.05.30 09:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.30 09:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.29 23:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT
[2012.05.29 23:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.05.28 23:28:17 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Prodigy
[2012.05.27 15:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.05.27 15:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.27 14:58:57 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Java

========== Files - Modified Within 30 Days ==========

[2012.06.21 17:44:43 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.06.21 17:44:15 | 000,000,346 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2012.06.21 17:43:08 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe
[2012.06.21 17:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.21 17:37:13 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 15:46:01 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.21 15:06:28 | 000,000,052 | ---- | M] () -- C:\ProgramData\qwfqzhufiocgarv
[2012.06.21 15:06:17 | 000,065,536 | ---- | M] () -- C:\ProgramData\ifljubis.exe
[2012.06.21 15:06:17 | 000,065,536 | ---- | M] () -- C:\ProgramData\ddjtszsj.exe
[2012.06.21 14:21:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2546801421-2070991855-9694198-1000UA.job
[2012.06.21 12:43:14 | 003,878,112 | ---- | M] () -- C:\Users\*****\Desktop\battlelog-web-plugins-1.122.0-retail-prod.exe
[2012.06.21 10:08:28 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 10:08:28 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 23:21:01 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2546801421-2070991855-9694198-1000Core.job
[2012.06.19 12:58:30 | 000,068,265 | ---- | M] () -- C:\Users\*****\Desktop\Exalted Grand Galraki.png
[2012.06.17 11:12:39 | 000,017,866 | ---- | M] () -- C:\Users\*****\Desktop\Untitled.png
[2012.06.16 23:17:54 | 000,002,320 | ---- | M] () -- C:\Users\*****\Desktop\Google Chrome.lnk
[2012.06.15 16:10:22 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012.06.13 23:19:36 | 000,472,080 | ---- | M] () -- C:\Users\*****\Desktop\Zugticket Sziget Festival.pdf
[2012.06.13 22:59:52 | 002,249,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 20:15:26 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.13 20:15:26 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.13 18:23:22 | 000,001,971 | ---- | M] () -- C:\Users\*****\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012.06.13 18:23:22 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.06.12 20:39:44 | 000,000,980 | ---- | M] () -- C:\Users\*****\Desktop\Miranda IM.lnk
[2012.06.12 20:39:34 | 003,265,250 | ---- | M] () -- C:\Users\*****\Desktop\miranda-im-v0.9.52-unicode.exe
[2012.06.11 20:20:00 | 000,000,216 | ---- | M] () -- C:\Users\*****\Desktop\Terraria.url
[2012.06.02 13:08:32 | 000,358,593 | ---- | M] () -- C:\Users\*****\Desktop\451A65859D1FE43E18E8560D270CD400.cit-prod-tomcat4.pdf
[2012.05.30 22:33:04 | 003,256,852 | ---- | M] () -- C:\Users\*****\Desktop\miranda-im-v0.9.49-unicode.exe
[2012.05.30 11:32:20 | 000,140,800 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.05.30 11:32:10 | 000,283,304 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.05.30 11:30:16 | 000,283,304 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.05.30 09:56:09 | 000,001,986 | ---- | M] () -- C:\Users\*****\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.05.30 09:49:07 | 000,044,755 | ---- | M] () -- C:\Users\*****\Desktop\proxtube_gesperrte_youtube_videos_schauen-1.4.2-fx.xpi
[2012.05.27 14:04:18 | 000,000,213 | ---- | M] () -- C:\Users\*****\Desktop\Portal 2.url
[2012.05.23 17:35:45 | 000,010,202 | ---- | M] () -- C:\Users\*****\Desktop\Plan Heiko.ods

========== Files Created - No Company Name ==========

[2012.06.21 17:43:40 | 000,000,346 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2012.06.21 17:43:08 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe
[2012.06.21 15:46:01 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.21 15:06:28 | 000,065,536 | ---- | C] () -- C:\ProgramData\ifljubis.exe
[2012.06.21 15:06:27 | 000,065,536 | ---- | C] () -- C:\ProgramData\ddjtszsj.exe
[2012.06.21 15:06:18 | 000,000,052 | ---- | C] () -- C:\ProgramData\qwfqzhufiocgarv
[2012.06.21 12:40:25 | 003,878,112 | ---- | C] () -- C:\Users\*****\Desktop\battlelog-web-plugins-1.122.0-retail-prod.exe
[2012.06.19 12:58:28 | 000,068,265 | ---- | C] () -- C:\Users\*****\Desktop\Exalted Grand Galraki.png
[2012.06.16 23:17:54 | 000,002,320 | ---- | C] () -- C:\Users\*****\Desktop\Google Chrome.lnk
[2012.06.16 23:16:46 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2546801421-2070991855-9694198-1000UA.job
[2012.06.16 23:16:44 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2546801421-2070991855-9694198-1000Core.job
[2012.06.15 16:10:22 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012.06.14 11:00:45 | 000,148,464 | ---- | C] () -- C:\Users\*****\Documents\woohoo.wav
[2012.06.13 23:19:36 | 000,472,080 | ---- | C] () -- C:\Users\*****\Desktop\Zugticket Sziget Festival.pdf
[2012.06.13 18:23:22 | 000,001,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.06.12 20:39:27 | 003,265,250 | ---- | C] () -- C:\Users\*****\Desktop\miranda-im-v0.9.52-unicode.exe
[2012.06.11 20:20:00 | 000,000,216 | ---- | C] () -- C:\Users\*****\Desktop\Terraria.url
[2012.06.02 13:08:31 | 000,358,593 | ---- | C] () -- C:\Users\*****\Desktop\451A65859D1FE43E18E8560D270CD400.cit-prod-tomcat4.pdf
[2012.05.30 22:32:56 | 003,256,852 | ---- | C] () -- C:\Users\*****\Desktop\miranda-im-v0.9.49-unicode.exe
[2012.05.30 09:49:06 | 000,044,755 | ---- | C] () -- C:\Users\*****\Desktop\proxtube_gesperrte_youtube_videos_schauen-1.4.2-fx.xpi
[2012.05.27 14:04:18 | 000,000,213 | ---- | C] () -- C:\Users\*****\Desktop\Portal 2.url
[2012.05.23 17:35:43 | 000,010,202 | ---- | C] () -- C:\Users\*****\Desktop\Plan Heiko.ods
[2012.05.03 04:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012.04.06 03:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.04.06 03:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.04.05 22:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.06.07 11:19:38 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.18 10:19:45 | 000,000,009 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.02.01 20:32:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.01.05 23:54:20 | 000,000,160 | ---- | C] ()
-- C:\ProgramData\~jLpXt81ORDzYEir [2011.01.05 23:54:19 | 000,000,272 | ---- | C] () -- C:\ProgramData\~jLpXt81ORDzYEi [2011.01.05 23:53:51 | 000,000,336 | ---- | C] () -- C:\ProgramData\jLpXt81ORDzYEi [2010.09.21 19:56:32 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.09.21 19:56:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.09.21 19:56:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.09.21 19:56:32 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.09.21 19:56:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe ========== LOP Check ========== [2011.09.14 16:02:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft [2011.11.21 13:40:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Avzoxa [2009.09.10 11:31:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Blitware [2009.09.09 23:15:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite [2011.09.05 20:58:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gnupg [2009.08.26 22:22:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ImgBurn [2010.03.04 19:31:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Leadertech [2011.02.06 16:19:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LolClient [2010.12.26 21:35:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Miranda [2010.04.07 17:33:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Mobipocket [2010.07.03 21:31:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Need for Speed World [2010.04.07 15:49:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia [2010.04.07 15:49:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Ovi Suite [2011.11.25 13:21:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Suite [2009.08.26 13:02:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org [2010.03.27 15:09:17 
| 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera [2011.10.24 11:07:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin [2011.11.26 14:10:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Oxbese [2010.09.27 00:35:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite [2012.06.21 15:41:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\RayV [2010.12.19 21:57:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Razer [2009.10.29 11:52:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\runic games [2011.10.31 15:47:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Subversion [2009.11.23 18:47:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer [2011.02.01 20:32:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2012.05.12 09:58:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client [2010.04.15 09:38:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ubisoft [2012.06.20 00:37:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent [2010.08.01 21:31:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Wormux [2010.07.22 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\XRay Engine [2012.05.27 13:47:36 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Danke schonmal im Voraus! Edit: Ich lasse Malwarebytes nochmal laufen, sodass ich auch die Logfile posten kann. Malwarebytes Logfile vom Quick Scan (habe ich als erstes gemacht): Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8246 Windows 6.1.7601 Service Pack 1 (Safe Mode) Internet Explorer 8.0.7601.17514 21.06.2012 15:21:58 mbam-log-2012-06-21 (15-21-58).txt Scan type: Quick scan Objects scanned: 186492 Time elapsed: 3 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4Y3Y0C3A0JWF1BYAX (Trojan.SpyEyes.RGen) -> Value: 4Y3Y0C3A0JWF1BYAX -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\program files\mozilla firefox\0.004465391198515745.exe (Exploit.Dropper) -> Quarantined and deleted successfully. Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.21.05 Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking) Internet Explorer 8.0.7601.17514 iDGames :: IDGAMES-PC [administrator] 21.06.2012 15:46:38 mbam-log-2012-06-21 (15-46-38).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 543184 Time elapsed: 1 hour(s), 2 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Games\Left 4 Dead 2\Left 4 dead 2\left4dead2\addons\Name_Enabler.dll (Malware.UPX.Mod) -> Quarantined and deleted successfully. C:\Users\iDGames\ms.exe (Trojan.Agent) -> Quarantined and deleted successfully. (end) Geändert von iDGames (21.06.2012 um 17:55 Uhr) |
22.06.2012, 22:16 | #2 |
| Bundespolizei locks computer: I have now formatted the hard drive, problem solved. |