Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
"Poizei-Virus" plötzlich da

"Poizei-Virus" plötzlich da


Plagegeister aller Art und deren Bekämpfung: "Poizei-Virus" plötzlich da

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 29.08.2012, 17:52   #1
HeliRo
 
"Poizei-Virus" plötzlich da - Standard

"Poizei-Virus" plötzlich da


Habe schon so viel Positives von Euch gehört bzw. gelesen, dass ich fest überzeugt bin mit Eurer Hilfe diesen Quälgeist wieder los zu werden.
Das plötzliche Auftreten des Polizei-Virus, der mich heute heimgesucht hat, hat mich so erschreckt, dass ich die genaue Variante gar nicht genau erkennen konnte. Webcam war dabei.

Im abgesicherten Modus habe ich bereits wie hier schon oft beschrieben Malwarebytes Anti-Malware geladen und gestartet.

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.29.05

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
User :: GANY3 [Administrator]

Schutz: Deaktiviert

29.08.2012 17:39:13
mbam-log-2012-08-29 (17-39-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217571
Laufzeit: 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
D:\MeinTempOrdner\install_0_msi.exe (Trojan.PWS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Danach OTL gestartet:

OTL logfile created on: 29.08.2012 17:48:41 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\User\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 3,30 Gb Available Physical Memory | 82,59% Memory free
7,98 Gb Paging File | 7,34 Gb Available in Paging File | 91,93% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 12,33 Gb Free Space | 22,10% Space Free | Partition Type: NTFS
Drive D: | 420,09 Gb Total Space | 172,60 Gb Free Space | 41,09% Space Free | Partition Type: NTFS
Drive G: | 14,95 Gb Total Space | 7,40 Gb Free Space | 49,49% Space Free | Partition Type: FAT32
Drive Z: | 511,42 Gb Total Space | 245,71 Gb Free Space | 48,05% Space Free | Partition Type: NTFS

Computer Name: GANY3 | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.29 17:01:46 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2010.07.07 03:50:54 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.22 19:16:38 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- d:\Programme(x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.06 09:15:30 | 000,185,856 | ---- | M] () [Auto | Stopped] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.06.04 11:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.06.01 05:05:18 | 002,011,056 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.05.25 14:19:24 | 001,540,120 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.31 21:36:52 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.10.13 20:44:05 | 003,246,040 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.01 22:53:54 | 001,112,736 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.12.20 15:37:06 | 000,144,712 | ---- | M] (H+H Software GmbH) [Auto | Stopped] -- d:\Programme(x86)\Virtual CD V10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2010.12.13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.09.06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- D:\Programme(x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.08 09:38:42 | 000,517,416 | ---- | M] (Nero AG) [Auto | Stopped] -- D:\Programme(x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.14 13:28:16 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.05.12 16:49:41 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.05.12 16:21:44 | 000,059,768 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.05.12 16:21:36 | 000,122,744 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.05.12 16:21:36 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.05.12 16:21:36 | 000,054,136 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.05 16:35:49 | 000,017,280 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBDrv_AMD64.sys -- (usbUDisc)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.13 20:44:06 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011.10.13 20:44:04 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2011.10.13 20:44:04 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.07.29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011.07.29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011.07.13 13:59:54 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.07.13 13:59:54 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.19 09:53:32 | 000,223,256 | ---- | M] (H+H Software GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vdrv1000.sys -- (vdrv1000)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.09 16:27:52 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010.12.02 23:30:36 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.16 13:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.07.07 04:30:08 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.07.07 03:15:42 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.24 21:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.03.19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.01.22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 12:24:30 | 000,024,088 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH10Help.sys -- (HH10Help.sys)
DRV:64bit: - [2009.06.17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.09.08 17:26:20 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3)
DRV:64bit: - [2008.06.17 09:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.01.14 20:52:53 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2011.07.29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010.01.13 00:08:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/11/27 20:55:55] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999.05.05 06:22:00 | 000,008,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\USBSCAN.SYS -- (usbscan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = Z:\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {2A57145C-7886-4EFC-B4A3-5492F0E884C0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A070DE4-169F-4F84-BC83-39B77186DBE0}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{2A57145C-7886-4EFC-B4A3-5492F0E884C0}: "URL" = hxxp://www.google.at/search?q={searchTerms}&rlz=
IE - HKCU\..\SearchScopes\{396256E3-52B9-4BF2-BE51-B5480E3CB6E5}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=amznsearch.de.ms-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{AD8A106B-AAEF-4275-A20B-5E41CFE843EA}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box_fs
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: D:\Programme(x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme(x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme(x86)\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.08.14 20:54:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.08.14 20:54:14 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google \u00D6sterreich (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.at/search?q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Picasa (Enabled) = D:\Programme(x86)\Picasa3\npPicasa3.dll
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Web Assistant = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.457_0\
CHR - Extension: Google Mail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme(x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme(x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSimHDHook] C:\Program Files (x86)\ArcSoft\SimHD IM Plug-In\ArcSoft SimHD IM Plug-In.exe (ArcSoft)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Garmin Lifetime Updater] D:\Programme(x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files (x86)\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] D:\Programme(x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Nero MediaHome 4] D:\Programme(x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VC10Player] d:\Programme(x86)\Virtual CD V10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKCU..\Run: [ApplePhotoStreams] D:\Programme(x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] D:\Programme(x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [MobileDocuments] D:\Programme(x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [ProcessExplorer] Z:\Downloads\ProcessExplorer\procexp.exe (Sysinternals - www.sysinternals.com)
O4 - HKCU..\Run: [SMASH] D:\Programme(x86)\SoftMaker Office 2010\SMASH.EXE (SoftMaker Software GmbH)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] d:\Programme(x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRAMME\IncrediMail\bin\resources\WebMenuImg.htm File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRAMME\IncrediMail\bin\resources\WebMenuImg.htm File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_64.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{309E4477-7614-4BFE-820E-A4EC16159762}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.29 17:38:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.08.29 17:37:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.29 17:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.29 17:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.29 17:20:12 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.08.29 17:01:40 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.08.27 22:37:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Apple Computer
[2012.08.27 22:37:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple Computer
[2012.08.27 22:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.08.27 22:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.08.27 22:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.08.27 22:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.08.27 22:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.08.27 22:37:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple
[2012.08.27 22:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.08.27 22:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.08.27 22:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.08.27 22:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.08.27 22:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.08.27 22:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.08.14 20:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.08.13 21:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.08.13 21:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.04 21:22:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoZoom Classic 4
[2012.08.03 21:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.08.02 16:39:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Newsbin6
[2012.08.01 12:19:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Nik Software
[2012.08.01 12:18:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ColorEfexPro4
[2004.04.20 08:37:24 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\dao360.dll
[1998.04.27 00:00:00 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Dao350.dll
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.29 17:43:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.29 17:37:55 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.29 17:22:12 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 17:22:12 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 17:20:12 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.29 17:01:46 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.08.29 16:59:58 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2012.08.29 15:19:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.29 14:45:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.29 14:40:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3898529061-575225583-3505721209-1000UA.job
[2012.08.29 13:03:59 | 083,023,306 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.29 12:42:53 | 000,780,277 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.08.29 12:42:53 | 000,043,531 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.08.29 12:40:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3898529061-575225583-3505721209-1000Core.job
[2012.08.28 21:58:53 | 000,092,120 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.08.28 00:40:55 | 000,000,628 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2012.08.27 23:09:55 | 000,203,776 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.27 22:50:20 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.08.27 22:37:22 | 000,001,561 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.08.26 21:16:50 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.08.22 14:41:08 | 000,002,412 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2012.08.17 09:27:54 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.08.16 20:46:58 | 004,833,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.14 20:54:01 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2012.08.04 21:22:39 | 000,000,760 | ---- | M] () -- C:\Users\User\Desktop\PhotoZoom Classic 4.lnk
[2012.08.02 16:39:01 | 000,000,735 | ---- | M] () -- C:\Users\User\Desktop\Newsbin Pro 64.lnk
[2012.07.31 22:45:09 | 000,000,788 | ---- | M] () -- C:\Users\User\Desktop\IrfanView Thumbnails.lnk
[2012.07.31 22:45:09 | 000,000,694 | ---- | M] () -- C:\Users\User\Desktop\IrfanView.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.29 17:37:55 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.29 16:59:58 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012.08.29 13:01:53 | 083,023,306 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.28 00:40:55 | 000,000,628 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
[2012.08.27 22:37:22 | 000,001,561 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.08.27 22:37:06 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.08.17 09:27:54 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.08.04 21:22:39 | 000,000,760 | ---- | C] () -- C:\Users\User\Desktop\PhotoZoom Classic 4.lnk
[2012.08.03 21:30:45 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.03 21:30:44 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.07 18:48:42 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012.05.07 18:48:41 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012.05.07 18:48:41 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012.05.07 18:48:41 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012.05.07 18:48:41 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012.02.23 05:26:34 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll
[2012.01.31 21:36:50 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
[2011.10.24 21:55:18 | 000,003,254 | R--- | C] () -- C:\Windows\SysWow64\hptcpmon.ini
[2011.10.19 16:12:06 | 000,004,440 | ---- | C] () -- C:\Windows\jnkvt_f.ini
[2011.10.19 16:12:06 | 000,001,441 | ---- | C] () -- C:\Windows\cbtfw_zf24.ini
[2011.10.12 21:28:39 | 000,001,588 | ---- | C] () -- C:\Windows\debugrcfile.ini
[2011.08.19 15:51:43 | 000,887,296 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2011.08.19 15:51:43 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libssl32.dll
[2011.08.18 15:21:15 | 000,020,531 | -H-- | C] () -- C:\ProgramData\W77X4
[2011.08.18 14:49:39 | 000,000,000 | ---- | C] () -- C:\Windows\prestopm.INI
[2011.08.18 14:25:40 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2011.08.18 14:25:24 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2011.08.18 14:24:59 | 000,000,133 | ---- | C] () -- C:\Windows\A11U.INI
[2011.08.01 23:11:24 | 000,007,609 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2011.05.28 20:01:36 | 000,780,277 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011.04.10 20:05:21 | 005,000,967 | ---- | C] () -- C:\Users\User\AppData\Local\TempIMG_2438.jpg
[2011.04.10 20:04:53 | 003,553,974 | ---- | C] () -- C:\Users\User\AppData\Local\TempIMG_2421.jpg
[2011.04.10 20:04:49 | 004,429,222 | ---- | C] () -- C:\Users\User\AppData\Local\TempIMG_2420.jpg
[2011.04.10 20:04:33 | 004,618,413 | ---- | C] () -- C:\Users\User\AppData\Local\TempIMG_2417.jpg
[2011.04.10 20:00:34 | 004,444,651 | ---- | C] () -- C:\Users\User\AppData\Local\TempIMG_2414.jpg
[2011.04.10 20:00:06 | 004,625,511 | ---- | C] () -- C:\Users\User\AppData\Local\TempIMG_2441.jpg
[2011.03.31 22:17:14 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2011.03.20 15:40:15 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.03.12 22:00:12 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe
[2011.03.10 22:51:45 | 006,713,765 | ---- | C] () -- C:\Users\User\AppData\Local\TempIMG_2148_bearbeitet-10.jpg
[2011.03.10 22:47:07 | 006,713,765 | ---- | C] () -- C:\Users\User\AppData\Local\TempIMG_2148_bearbeitet-1.jpg
[2011.03.10 20:34:24 | 000,092,120 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.01.02 19:51:57 | 000,000,022 | -HS- | C] () -- C:\Users\User\AppData\Roaming\Sys6925.Config Collection.sys
[2011.01.02 19:51:57 | 000,000,022 | -HS- | C] () -- C:\Windows\Sys3390 SettingsCollection.bin
[2010.12.06 20:22:37 | 000,203,776 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.30 22:13:59 | 000,749,568 | R--- | C] () -- C:\Windows\SysWow64\agissi.dll
[2010.11.30 22:13:59 | 000,348,160 | R--- | C] () -- C:\Windows\SysWow64\zshp2600.exe
[2010.11.30 22:13:55 | 011,206,656 | R--- | C] () -- C:\Windows\SysWow64\zhhp_res.dll
[2010.11.30 22:13:55 | 000,299,008 | R--- | C] () -- C:\Windows\SysWow64\zhhp2600.exe
[2010.11.30 22:12:40 | 000,000,573 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2010.11.22 19:54:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.11.19 23:08:29 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat
[2010.11.19 23:04:34 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.19 23:04:33 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010.11.19 23:04:33 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2010.11.19 23:04:33 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010.11.19 23:04:32 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2070N.INI
[2010.11.19 23:00:00 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2070n.dat
[2010.11.19 22:59:22 | 000,000,228 | ---- | C] () -- C:\Windows\Brownie.ini
[2010.11.15 15:08:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.10 14:33:07 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011.08.08 20:53:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\9B25F289-C7DC-4D5B-B7E6-988B9B4B7C1A
[2011.03.09 23:56:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acronis
[2011.05.19 00:52:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Athentech
[2012.02.28 01:40:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2012.08.28 00:03:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\calibre
[2010.12.02 22:36:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.08.01 12:18:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ColorEfexPro4
[2012.04.02 15:52:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2012.07.18 15:36:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Cuobce
[2011.07.23 17:44:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Cuttermaran
[2012.01.14 21:31:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Device Doctor
[2011.10.13 20:44:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\E29450DB-C5D6-4CDF-BF4F-340562724E26
[2011.11.09 22:18:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\eM Client for SoftMaker
[2012.07.14 22:56:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\foobar2000
[2012.06.20 21:30:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GARMIN
[2010.12.08 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER
[2011.03.07 17:31:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Imagenomic
[2012.02.07 15:25:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView
[2012.07.18 15:36:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ixmoyd
[2012.02.27 20:05:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Kalenderchen
[2012.01.06 21:12:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lasersoft Imaging
[2010.11.19 22:50:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2011.07.26 19:42:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mediAvatar
[2012.02.27 22:07:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mkvtoolnix
[2012.07.27 16:21:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mp3tag
[2012.01.06 21:20:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mresreg
[2011.08.18 14:49:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NewSoft
[2011.08.18 14:49:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NSBackup
[2011.03.12 13:38:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ScreeNet iSaver
[2011.12.04 16:26:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftMaker
[2012.04.02 19:19:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.03.31 22:56:08 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Virtual CD v10
[2012.05.17 21:45:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VoipBuster
[2012.02.08 17:59:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\XnView
[2011.03.30 23:25:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\YoWindow
[2012.08.15 12:20:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 384 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 320 bytes -> C:\Users\Public\Documents\Spoerl, Heinrich - Die Feuerzangenbowle-(0001).pdf:SummaryInformation
@Alternate Data Stream - 1117 bytes -> C:\Users\User\Documents\[Spamverdacht] Ihre BestellungReservierung bei www_DiTech_at vom 01_12_2010 2035.eml:OECustomProperty

< End of report >


Jetzt warte ich zuversichtlich auf Hilfe und bedanke mich vorweg schon herzlich.

Heli

 

Themen zu "Poizei-Virus" plötzlich da
administrator, adobe, adobe flash player, antivirus, babylon toolbar, babylontoolbar, bankguard, bho, bonjour, browser, download, error, explorer, firefox, firewall, flash player, format, helper, homepage, index, install_0_msi.exe, launch, logfile, mp3, object, origin, plug-in, polizei-virus, programme, realtek, registry, security, software, usb 3.0


« Polizeitrojaner . wie komme ich an den OTL-Fix | Bundespolizei Virus wie krieg ich ihn wieder weg? »


Ähnliche Themen: "Poizei-Virus" plötzlich da


  1. "Suspicious.Cloud.9" (Trojaner) und "SAPE.DnwldSponsor.2" (Virus?, vielleicht False Positive)
    Plagegeister aller Art und deren Bekämpfung - 22.08.2015 (23)
  2. Plötzlich Software "picexa.exe" installiert, "delta-homes.com" als Startseite in sämtlichen Browsern
    Log-Analyse und Auswertung - 10.04.2015 (11)
  3. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  4. Win 7, Fehlermeldung:"Server ausgelastet" & plötzlich sehr langsam - Virus?
    Log-Analyse und Auswertung - 07.12.2013 (27)
  5. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  6. Hatte Sperrbildschirm "Meldestelle Cybercrime...", ist plötzlich weg, Virus aber bestimmt noch am PC
    Plagegeister aller Art und deren Bekämpfung - 04.11.2013 (19)
  7. Sicherheitscenter deaktiviert und Virus "ADWARE/InstallCo.HA" "ADWARE/bProtect.D" "TR/Mevade.A.95" gefunden
    Log-Analyse und Auswertung - 10.09.2013 (10)
  8. Diverse "Buren" "Lamar" sowie ein Exploit Virus entdeckt
    Plagegeister aller Art und deren Bekämpfung - 04.09.2013 (13)
  9. "Redirect-Virus" unter Windows 8 / "document has moved redirecting..."
    Plagegeister aller Art und deren Bekämpfung - 23.01.2013 (11)
  10. Diverse Fehlermeldungen bei Start des Systems nach "Entfernen" des "Polizei-Virus"
    Log-Analyse und Auswertung - 27.10.2012 (10)
  11. Plötzlich steht vor jeder Webseite "123123" - ist das ein Virus?
    Plagegeister aller Art und deren Bekämpfung - 25.10.2012 (1)
  12. "Falsche" E-Mail von Freund mit Link ins Netz -> Virus oder nur "Werbung"?
    Log-Analyse und Auswertung - 30.07.2012 (1)
  13. Vermehrtes Virenvrkommen nach "50€-Virus" unteranderem "TR/injetor569344.5"
    Plagegeister aller Art und deren Bekämpfung - 04.02.2012 (1)
  14. Verspätetes "Xmas-geschenk": 50€-Virus mit Text "System wird aus sicherheitsgründen blockiert"
    Log-Analyse und Auswertung - 02.01.2012 (5)
  15. Trojaner/Virus lähmt das Internet "extrem". "TR/Cospet.EO.1" !
    Plagegeister aller Art und deren Bekämpfung - 10.06.2010 (11)
  16. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  17. Bekomme "http://default.home/" und "ACCESS BLOCKED - VIRUS WARNING" nicht mehr los
    Log-Analyse und Auswertung - 16.01.2005 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema "Poizei-Virus" plötzlich da - Habe schon so viel Positives von Euch gehört bzw. gelesen, dass ich fest überzeugt bin mit Eurer Hilfe diesen Quälgeist wieder los zu werden. Das plötzliche Auftreten des Polizei-Virus, der - "Poizei-Virus" plötzlich da...
Archiv
Du betrachtest: "Poizei-Virus" plötzlich da auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131