Log Analysis and Evaluation: Trojan "der computer ist für die verletzung der gesetze der republik österreich blockiert worden" (lock-screen text: "the computer has been blocked for violating the laws of the Republic of Austria"), Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
10.08.2012, 12:47 | #1
Trojan "der computer ist für die verletzung der gesetze der republik österreich blockiert worden"

Hello dear Trojaner-Board team, I have caught a (presumably not entirely unknown) Trojan and have tried to follow the instructions as precisely as possible. Attached you will find all the recorded files, with a request for assistance. Should you need any further data, please let me know. Many thanks in advance. Peter
10.08.2012, 12:50 | #2
Trojan "der computer ist für die verletzung der gesetze der republik österreich blockiert worden"

OTL Logfile:
Code:
OTL logfile created on: 10.08.2012 12:48:25 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Andrea\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,80 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 60,91% Memory free 5,60 Gb Paging File | 4,36 Gb Available in Paging File | 77,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 146,39 Gb Total Space | 84,14 Gb Free Space | 57,48% Space Free | Partition Type: NTFS Drive D: | 319,28 Gb Total Space | 285,88 Gb Free Space | 89,54% Space Free | Partition Type: NTFS Computer Name: STAN | User Name: Andrea | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.10 12:24:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe PRC - [2012.07.13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAMain.exe PRC - [2012.07.13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAService.exe PRC - [2012.07.13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.03.01 21:10:03 | 000,040,960 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE PRC - [2011.03.01 21:10:02 | 004,216,320 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.05.05 08:40:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.04.27 16:30:24 | 000,079,360 | ---- | M] (UNIQA) -- C:\Programme\UNIQA\VIPService\VIPService.exe PRC - [2005.05.04 01:19:22 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL$BASICSYSTEMS\Binn\sqlservr.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012.08.03 15:16:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService) SRV - [2012.07.13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) 
[Auto | Running] -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.20 19:37:59 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.03.02 15:46:49 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.03.01 22:03:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.03.01 21:10:03 | 000,040,960 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc) SRV - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.05.05 08:40:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.04.27 16:30:24 | 000,079,360 | ---- | M] (UNIQA) [Auto | Running] -- C:\Programme\UNIQA\VIPService\VIPService.exe -- 
(VIPService) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.05.04 01:19:22 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL$BASICSYSTEMS\Binn\sqlservr.exe -- (MSSQL$BASICSYSTEMS) SRV - [2005.05.03 23:50:28 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper) SRV - [2005.05.03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL$BASICSYSTEMS\Binn\sqlagent.EXE -- (SQLAgent$BASICSYSTEMS) ========== Driver Services (SafeList) ========== DRV - [2012.07.13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC) DRV - [2012.07.13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt) DRV - [2012.07.13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc) DRV - [2012.07.13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt) DRV - [2012.07.13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile) DRV - [2012.07.12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.06.27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC) DRV - [2012.06.27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT) DRV - [2012.06.27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV) DRV - [2012.06.27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP) DRV - [2012.06.27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3) DRV - [2012.06.27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW) DRV - [2012.06.27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS) DRV - [2012.06.27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC) DRV - [2012.06.27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) 
[Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL) DRV - [2012.06.27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP) DRV - [2012.06.27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC) DRV - [2011.04.17 10:20:36 | 000,036,584 | ---- | M] (6Ci) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WideUSB.sys -- (WideUSB) DRV - [2011.03.10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD) DRV - [2011.03.01 21:28:28 | 009,982,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.03.01 21:10:01 | 000,018,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.03.02 14:57:42 
| 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010.03.02 14:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2010.02.22 10:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2010.01.07 05:49:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K) DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Österreich: Hotmail, Messenger, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle und mehr bei MSN AT IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 F3 BB CA 44 D8 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {4C6226A1-FCC4-4ACC-9833-904EED0AE13E} IE - HKCU\..\SearchScopes\{4C6226A1-FCC4-4ACC-9833-904EED0AE13E}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLD_de IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=ovYRtYjPRbP5LhGrfKX9FGxGUS4?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "SFT_de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031778&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "SFT_de3 Customized Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_Prot" FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031778&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.05.18 16:24:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.10 08:28:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.20 19:38:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.10 08:28:32 | 000,000,000 | ---D | M] [2011.10.29 16:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Extensions [2011.10.29 16:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org 
[2012.06.16 08:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\daz3khsx.default\extensions [2012.06.16 08:45:35 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\daz3khsx.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2012.06.16 08:45:39 | 000,000,000 | ---D | M] (SFT_de3 Community Toolbar) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\daz3khsx.default\extensions\{ff88a983-649d-4207-9336-9b999280b436} [2012.06.10 23:06:28 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\daz3khsx.default\extensions\ffxtlbr@babylon.com [2011.08.04 10:31:00 | 000,000,917 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\daz3khsx.default\searchplugins\conduit.xml [2011.04.15 18:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.10 23:06:27 | 000,021,707 | ---- | M] () (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DAZ3KHSX.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI [2012.06.10 23:06:28 | 000,011,148 | ---- | M] () (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DAZ3KHSX.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI [2012.06.20 19:38:00 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.20 19:37:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.10 23:05:40 | 000,002,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.06.20 19:37:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.20 19:37:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.04.15 09:48:20 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\fcmdSrch.xml [2012.06.20 19:37:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.20 19:37:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.20 19:37:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: Google CHR - homepage: Google O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - C:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.) O4 - HKLM..\Run: [SyncCenter] C:\Users\Andrea\AppData\Local\Microsoft\Windows\4871\SyncCenter.exe File not found O4 - HKLM..\Run: [TaskTray] File not found O4 - Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Citavi Picker... 
- C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft 
Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E65C8FAC-DE51-4CAC-BFCB-EEA768E378F4}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d87c151c-3aa9-11e1-8718-e839df1eafde}\Shell - "" = AutoRun
O33 - MountPoints2\{d87c151c-3aa9-11e1-8718-e839df1eafde}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{d87c1529-3aa9-11e1-8718-e839df1eafde}\Shell - "" = AutoRun
O33 - MountPoints2\{d87c1529-3aa9-11e1-8718-e839df1eafde}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.10 12:30:00 | 007,239,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Andrea\Desktop\mbam-rules.exe
[2012.08.10 12:26:01 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Malwarebytes
[2012.08.10 12:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.10 12:25:49 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.10 12:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.10 12:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.10 12:25:16 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Andrea\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.10 12:25:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
[2012.08.10 11:21:59 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\hellomoto
[2012.08.08 07:13:42 | 000,046,280 | ---- | C] (Panda Security) -- C:\Windows\System32\drivers\PSKMAD.sys
[2012.08.07 18:25:50 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Panda Security
[2012.08.07 18:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2012.08.07 18:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012.08.07 18:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012.08.07 18:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2012.08.07 18:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2012.08.07 18:00:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.07.13 07:02:16 | 000,174,632 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINKNC.sys
[2012.07.13 07:02:16 | 000,120,872 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINProt.sys
[2012.07.13 07:02:16 | 000,114,216 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINProc.sys
[2012.07.13 07:02:15 | 000,148,520 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINAflt.sys
[2012.07.13 07:02:15 | 000,103,464 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINFile.sys
[2012.07.12 11:18:32 | 000,206,632 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\NNSStrm.sys
[2011.07.27 13:35:03 | 058,370,688 | ---- | C] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote_4.4.2.4912.exe
[2011.06.28 12:30:57 | 002,021,872 | ---- | C] (Google) -- C:\Program Files\GoogleDesktopSetup.exe
[2011.04.15 18:44:34 | 012,420,392 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.exe
[2011.04.12 17:15:27 | 002,853,928 | ---- | C] (Bartels Media ) -- C:\Program Files\phraseexpressversion6.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Andrea\Desktop\*.tmp files -> C:\Users\Andrea\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.10 12:52:43 | 000,015,824 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 12:52:43 | 000,015,824 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 12:52:13 | 000,680,546 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.10 12:52:13 | 000,636,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.10 12:52:13 | 000,141,492 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.10 12:52:13 | 000,115,116 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.10 12:47:02 | 000,000,000 | ---- | M] () -- C:\Users\Andrea\defogger_reenable
[2012.08.10 12:45:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.10 12:44:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.10 12:44:36 | 2255,867,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.10 12:33:44 | 000,050,477 | ---- | M] () -- C:\Users\Andrea\Desktop\Defogger.exe
[2012.08.10 12:29:26 | 007,239,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Andrea\Desktop\mbam-rules.exe
[2012.08.10 12:25:50 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.10 12:24:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
[2012.08.10 12:22:46 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Andrea\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.10 12:16:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.10 11:30:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.08 07:13:29 | 000,456,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.07 18:13:48 | 000,001,926 | ---- | M] () -- C:\Users\Andrea\Desktop\CrystalDiskInfo.lnk
[2012.08.07 13:36:54 | 000,000,156 | ---- | M] () -- C:\Windows\setscan.ini
[2012.08.07 12:41:31 | 000,500,974 | ---- | M] () -- C:\Users\Andrea\Desktop\ShowDocument.pdf
[2012.07.31 12:07:52 | 002,102,922 | ---- | M] () -- C:\Users\Andrea\Desktop\Befunfde Ohr und Hand.pdf
[2012.07.25 14:33:02 | 031,047,882 | ---- | M] () -- C:\NVAngebot.exe
[2012.07.25 10:45:12 | 000,059,904 | ---- | M] () -- C:\Users\Andrea\Desktop\Microsoft Office Publisher-Dokument (neu).pub
[2012.07.19 12:22:05 | 000,189,530 | ---- | M] () -- C:\Users\Andrea\Desktop\Gattinger Martina.pdf
[2012.07.19 11:52:50 | 000,027,514 | ---- | M] () -- C:\Users\Andrea\Desktop\5007d8e824a9b.pdf
[2012.07.18 15:24:13 | 000,218,102 | ---- | M] () -- C:\Users\Andrea\Desktop\12_04_19_plattform_KESt-Neu.pdf
[2012.07.18 14:02:15 | 000,468,732 | ---- | M] () -- C:\Users\Andrea\Desktop\9783486700923.fm.pdf
[2012.07.18 13:19:20 | 003,593,719 | ---- | M] () -- C:\Users\Andrea\Desktop\UBS-KeyInvest_1_2012.pdf
[2012.07.14 14:04:25 | 000,007,599 | ---- | M] () -- C:\Users\Andrea\AppData\Local\Resmon.ResmonCfg
[2012.07.13 19:23:21 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.07.13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINKNC.sys
[2012.07.13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINProt.sys
[2012.07.13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINProc.sys
[2012.07.13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINAflt.sys
[2012.07.13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSINFile.sys
[2012.07.12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\NNSStrm.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Andrea\Desktop\*.tmp files -> C:\Users\Andrea\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.10 12:47:02 | 000,000,000 | ---- | C] () -- C:\Users\Andrea\defogger_reenable
[2012.08.10 12:34:28 | 000,050,477 | ---- | C] () -- C:\Users\Andrea\Desktop\Defogger.exe
[2012.08.10 12:25:50 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.07 18:13:48 | 000,001,926 | ---- | C] () -- C:\Users\Andrea\Desktop\CrystalDiskInfo.lnk
[2012.08.07 18:02:39 | 000,001,046 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.07 12:41:31 | 000,500,974 | ---- | C] () -- C:\Users\Andrea\Desktop\ShowDocument.pdf
[2012.07.31 12:07:52 | 002,102,922 | ---- | C] () -- C:\Users\Andrea\Desktop\Befunfde Ohr und Hand.pdf
[2012.07.25 10:45:12 | 000,059,904 | ---- | C] () -- C:\Users\Andrea\Desktop\Microsoft Office Publisher-Dokument (neu).pub
[2012.07.19 12:22:05 | 000,189,530 | ---- | C] () -- C:\Users\Andrea\Desktop\Gattinger Martina.pdf
[2012.07.19 11:52:48 | 000,027,514 | ---- | C] () -- C:\Users\Andrea\Desktop\5007d8e824a9b.pdf
[2012.07.18 15:24:13 | 000,218,102 | ---- | C] () -- C:\Users\Andrea\Desktop\12_04_19_plattform_KESt-Neu.pdf
[2012.07.18 14:02:13 | 000,468,732 | ---- | C] () -- C:\Users\Andrea\Desktop\9783486700923.fm.pdf
[2012.07.18 13:19:20 | 003,593,719 | ---- | C] () -- C:\Users\Andrea\Desktop\UBS-KeyInvest_1_2012.pdf
[2012.07.14 14:04:25 | 000,007,599 | ---- | C] () -- C:\Users\Andrea\AppData\Local\Resmon.ResmonCfg
[2012.07.10 08:14:21 | 000,241,137 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012.05.30 15:40:29 | 000,004,096 | -H-- | C] () -- C:\Users\Andrea\AppData\Local\keyfile3.drm
[2012.05.24 11:44:12 | 181,705,360 | ---- | C] () -- C:\Program Files\TAS_201203.zip
[2012.05.24 10:54:34 | 174,749,293 | ---- | C] () -- C:\Program Files\TAS_201011.zip
[2012.05.18 17:14:35 | 000,241,111 | ---- | C] () -- C:\Windows\hpwins28.dat.temp
[2012.05.03 10:48:00 | 000,038,425 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2012.04.23 19:33:59 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2012.02.15 16:13:40 | 181,151,074 | ---- | C] () -- C:\Program Files\TAS.zip
[2012.01.09 17:02:44 | 000,026,555 | ---- | C] () -- C:\Program Files\GV_Leistungsbeschreibung.pdf
[2011.12.30 15:34:13 | 000,077,568 | ---- | C] () -- C:\Program Files\GV_Angebot.pdf
[2011.12.27 12:30:48 | 000,091,807 | ---- | C] () -- C:\Program Files\UV_Angebot.pdf
[2011.12.14 13:26:48 | 153,292,013 | ---- | C] () -- C:\Program Files\Tarifprogramm_201201.zip
[2011.11.24 16:31:12 | 004,957,344 | ---- | C] () -- C:\Program Files\asignFullSetup_network.exe
[2011.11.24 09:00:25 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2011.10.16 18:16:15 | 000,012,977 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2011.10.16 18:16:05 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.09.20 20:09:55 | 000,147,956 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.05.24 14:09:38 | 000,166,011 | ---- | C] () -- C:\Program Files\Personalisierung_2
[2011.05.17 16:33:25 | 001,857,488 | ---- | C] () -- C:\Program Files\install_easyshare.exe
[2011.05.17 13:53:22 | 000,000,031 | ---- | C] () -- C:\Windows\vpms.ini
[2011.04.17 10:23:20 | 000,212,480 | ---- | C] () -- C:\Windows\System32\WinPenTools.dll
[2011.04.15 18:46:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.15 10:30:11 | 015,729,080 | ---- | C] () -- C:\Program Files\macdocupen_rc800.zip
[2011.04.13 09:14:52 | 000,000,027 | ---- | C] () -- C:\Windows\Gauss.ini
[2011.03.07 18:38:20 | 000,036,939 | ---- | C] () -- C:\Windows\System32\insrepim.exe
[2011.03.04 15:00:01 | 000,031,944 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.03.04 14:58:55 | 000,000,156 | ---- | C] () -- C:\Windows\setscan.ini
[2011.03.01 21:10:32 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.09.17 12:00:04 | 012,832,768 | ---- | C] () -- C:\Windows\System32\wb_gsdll32.dll
[2010.08.25 20:30:02 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.08.25 20:30:00 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.08.25 20:30:00 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

========== LOP Check ==========

[2011.03.04 15:02:25 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\.oit
[2011.11.24 16:32:36 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\A-Trust GmbH
[2011.12.02 14:08:01 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ASCON Installer
[2011.03.04 15:05:41 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Canon Electronics
[2012.08.10 12:46:28 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Dropbox
[2012.08.10 11:22:08 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\hellomoto
[2011.07.26 10:27:55 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ISIS Drivers
[2011.04.07 14:50:35 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Nokia
[2012.08.07 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Panda Security
[2011.03.02 16:01:12 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\PC Suite
[2012.07.13 19:20:57 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\PhraseExpress
[2012.01.16 12:08:39 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\prism
[2011.03.04 15:01:46 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ScanSoft
[2012.05.19 22:00:45 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Swiss Academic Software
[2012.01.16 15:21:18 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\TeamViewer
[2011.03.04 15:01:49 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Zeon
[2011.10.31 14:47:27 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Zurich
[2012.03.10 08:21:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >