"Polizei-Virus" suddenly appeared (Windows 7)
#1
I have heard and read so much good about you that I am firmly convinced that with your help I will get rid of this pest again. The sudden appearance of the police virus that hit me today startled me so much that I could not even make out the exact variant. The webcam was part of it. In Safe Mode I already downloaded and ran Malwarebytes Anti-Malware, as has often been described here.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.05

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
User :: GANY3 [administrator]

Protection: Disabled

29.08.2012 17:39:13
mbam-log-2012-08-29 (17-39-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217571
Time elapsed: 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
D:\MeinTempOrdner\install_0_msi.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.
(end)

Then I ran OTL:

OTL logfile created on: 29.08.2012 17:48:41 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\User\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 3,30 Gb Available Physical Memory | 82,59% Memory free
7,98 Gb Paging File | 7,34 Gb Available in Paging File | 91,93% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 12,33 Gb Free Space | 22,10% Space Free | Partition Type: NTFS
Drive D: | 420,09 Gb Total Space | 172,60 Gb Free Space | 41,09% Space Free | Partition Type: NTFS
Drive G: | 14,95 Gb Total Space | 7,40 Gb Free Space | 49,49% Space Free | Partition Type: FAT32
Drive Z: | 511,42 Gb Total Space | 245,71 Gb Free Space | 48,05% Space Free | Partition Type: NTFS

Computer Name: GANY3 | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.29 17:01:46 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2010.07.07 03:50:54 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.22 19:16:38 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- d:\Programme(x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.06 09:15:30 | 000,185,856 | ---- | M] () [Auto | Stopped] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.06.04 11:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.06.01 05:05:18 | 002,011,056 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.05.25 14:19:24 | 001,540,120 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.31 21:36:52 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.10.13 20:44:05 | 003,246,040 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.01 22:53:54 | 001,112,736 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.12.20 15:37:06 | 000,144,712 | ---- | M] (H+H Software GmbH) [Auto | Stopped] -- d:\Programme(x86)\Virtual CD V10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2010.12.13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.09.06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- D:\Programme(x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.08 09:38:42 | 000,517,416 | ---- | M] (Nero AG) [Auto | Stopped] -- D:\Programme(x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.14 13:28:16 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.05.12 16:49:41 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.05.12 16:21:44 | 000,059,768 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.05.12 16:21:36 | 000,122,744 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.05.12 16:21:36 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.05.12 16:21:36 | 000,054,136 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.05 16:35:49 | 000,017,280 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBDrv_AMD64.sys -- (usbUDisc)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.13 20:44:06 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011.10.13 20:44:04 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2011.10.13 20:44:04 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.07.29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011.07.29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011.07.13 13:59:54 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.07.13 13:59:54 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.19 09:53:32 | 000,223,256 | ---- | M] (H+H Software GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vdrv1000.sys -- (vdrv1000)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.09 16:27:52 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010.12.02 23:30:36 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.16 13:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.07.07 04:30:08 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.07.07 03:15:42 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.24 21:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.03.19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.01.22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 12:24:30 | 000,024,088 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH10Help.sys -- (HH10Help.sys)
DRV:64bit: - [2009.06.17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.09.08 17:26:20 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3)
DRV:64bit: - [2008.06.17 09:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.01.14 20:52:53 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2011.07.29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010.01.13 00:08:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/11/27 20:55:55] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999.05.05 06:22:00 | 000,008,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\USBSCAN.SYS -- (usbscan)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = Z:\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {2A57145C-7886-4EFC-B4A3-5492F0E884C0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A070DE4-169F-4F84-BC83-39B77186DBE0}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{2A57145C-7886-4EFC-B4A3-5492F0E884C0}: "URL" = hxxp://www.google.at/search?q={searchTerms}&rlz=
IE - HKCU\..\SearchScopes\{396256E3-52B9-4BF2-BE51-B5480E3CB6E5}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=amznsearch.de.ms-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{AD8A106B-AAEF-4275-A20B-5E41CFE843EA}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box_fs
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: D:\Programme(x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme(x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme(x86)\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.08.14 20:54:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.08.14 20:54:14 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google \u00D6sterreich (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.at/search?q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Picasa (Enabled) = D:\Programme(x86)\Picasa3\npPicasa3.dll
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Web Assistant = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.457_0\
CHR - Extension: Google Mail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme(x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme(x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSimHDHook] C:\Program Files (x86)\ArcSoft\SimHD IM Plug-In\ArcSoft SimHD IM Plug-In.exe (ArcSoft)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Garmin Lifetime Updater] D:\Programme(x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files (x86)\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] D:\Programme(x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Nero MediaHome 4] D:\Programme(x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VC10Player] d:\Programme(x86)\Virtual CD V10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKCU..\Run: [ApplePhotoStreams] D:\Programme(x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] D:\Programme(x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [MobileDocuments] D:\Programme(x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [ProcessExplorer] Z:\Downloads\ProcessExplorer\procexp.exe (Sysinternals - www.sysinternals.com)
O4 - HKCU..\Run: [SMASH] D:\Programme(x86)\SoftMaker Office 2010\SMASH.EXE (SoftMaker Software GmbH)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] d:\Programme(x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRAMME\IncrediMail\bin\resources\WebMenuImg.htm File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRAMME\IncrediMail\bin\resources\WebMenuImg.htm File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_64.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{309E4477-7614-4BFE-820E-A4EC16159762}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.29 17:38:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.08.29 17:37:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.29 17:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.29 17:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.29 17:20:12 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.08.29 17:01:40 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.08.27 22:37:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Apple Computer
[2012.08.27 22:37:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple Computer
[2012.08.27 22:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.08.27 22:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.08.27 22:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.08.27 22:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.08.27 22:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.08.27 22:37:06 |
000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple [2012.08.27 22:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.08.27 22:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.08.27 22:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.08.27 22:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.08.27 22:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.08.27 22:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.08.14 20:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant [2012.08.13 21:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.08.13 21:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.08.04 21:22:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoZoom Classic 4 [2012.08.03 21:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.08.02 16:39:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Newsbin6 [2012.08.01 12:19:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Nik Software [2012.08.01 12:18:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ColorEfexPro4 [2004.04.20 08:37:24 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\dao360.dll [1998.04.27 00:00:00 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Dao350.dll [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.29 17:43:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.29 17:37:55 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 17:22:12 | 000,015,376 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.29 17:22:12 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.29 17:20:12 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.29 17:01:46 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.08.29 16:59:58 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable [2012.08.29 15:19:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.29 14:45:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.29 14:40:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3898529061-575225583-3505721209-1000UA.job [2012.08.29 13:03:59 | 083,023,306 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.29 12:42:53 | 000,780,277 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012.08.29 12:42:53 | 000,043,531 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012.08.29 12:40:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3898529061-575225583-3505721209-1000Core.job [2012.08.28 21:58:53 | 000,092,120 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat [2012.08.28 00:40:55 | 000,000,628 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf [2012.08.27 23:09:55 | 000,203,776 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.27 22:50:20 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2012.08.27 22:37:22 | 000,001,561 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.08.26 21:16:50 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.08.22 14:41:08 | 000,002,412 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk [2012.08.17 09:27:54 | 000,001,756 | ---- | M] () -- 
C:\Users\Public\Desktop\Browserwahl.lnk [2012.08.16 20:46:58 | 004,833,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.14 20:54:01 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk [2012.08.04 21:22:39 | 000,000,760 | ---- | M] () -- C:\Users\User\Desktop\PhotoZoom Classic 4.lnk [2012.08.02 16:39:01 | 000,000,735 | ---- | M] () -- C:\Users\User\Desktop\Newsbin Pro 64.lnk [2012.07.31 22:45:09 | 000,000,788 | ---- | M] () -- C:\Users\User\Desktop\IrfanView Thumbnails.lnk [2012.07.31 22:45:09 | 000,000,694 | ---- | M] () -- C:\Users\User\Desktop\IrfanView.lnk [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.29 17:37:55 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 16:59:58 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable [2012.08.29 13:01:53 | 083,023,306 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.28 00:40:55 | 000,000,628 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf [2012.08.27 22:37:22 | 000,001,561 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.08.27 22:37:06 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.08.17 09:27:54 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2012.08.04 21:22:39 | 000,000,760 | ---- | C] () -- C:\Users\User\Desktop\PhotoZoom Classic 4.lnk [2012.08.03 21:30:45 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.03 21:30:44 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.05.07 18:48:42 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2012.05.07 18:48:41 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2012.05.07 18:48:41 | 000,086,408 | ---- | C] () -- 
C:\Windows\SysWow64\setupempdrv03.exe [2012.05.07 18:48:41 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2012.05.07 18:48:41 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2012.02.23 05:26:34 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll [2012.01.31 21:36:50 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll [2011.10.24 21:55:18 | 000,003,254 | R--- | C] () -- C:\Windows\SysWow64\hptcpmon.ini [2011.10.19 16:12:06 | 000,004,440 | ---- | C] () -- C:\Windows\jnkvt_f.ini [2011.10.19 16:12:06 | 000,001,441 | ---- | C] () -- C:\Windows\cbtfw_zf24.ini [2011.10.12 21:28:39 | 000,001,588 | ---- | C] () -- C:\Windows\debugrcfile.ini [2011.08.19 15:51:43 | 000,887,296 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll [2011.08.19 15:51:43 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libssl32.dll [2011.08.18 15:21:15 | 000,020,531 | -H-- | C] () -- C:\ProgramData\W77X4 [2011.08.18 14:49:39 | 000,000,000 | ---- | C] () -- C:\Windows\prestopm.INI [2011.08.18 14:25:40 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL [2011.08.18 14:25:24 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll [2011.08.18 14:24:59 | 000,000,133 | ---- | C] () -- C:\Windows\A11U.INI [2011.08.01 23:11:24 | 000,007,609 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2011.05.28 20:01:36 | 000,780,277 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2011.04.10 20:05:21 | 005,000,967 | ---- | C] () -- C:\Users\User\AppData\Local\TempIMG_2438.jpg [2011.04.10 20:04:53 | 003,553,974 | ---- | C] () -- C:\Users\User\AppData\Local\TempIMG_2421.jpg [2011.04.10 20:04:49 | 004,429,222 | ---- | C] () -- C:\Users\User\AppData\Local\TempIMG_2420.jpg [2011.04.10 20:04:33 | 004,618,413 | ---- | C] () -- C:\Users\User\AppData\Local\TempIMG_2417.jpg [2011.04.10 20:00:34 | 004,444,651 | ---- | C] () -- C:\Users\User\AppData\Local\TempIMG_2414.jpg [2011.04.10 20:00:06 | 004,625,511 | ---- | C] 
() -- C:\Users\User\AppData\Local\TempIMG_2441.jpg [2011.03.31 22:17:14 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI [2011.03.20 15:40:15 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI [2011.03.12 22:00:12 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe [2011.03.10 22:51:45 | 006,713,765 | ---- | C] () -- C:\Users\User\AppData\Local\TempIMG_2148_bearbeitet-10.jpg [2011.03.10 22:47:07 | 006,713,765 | ---- | C] () -- C:\Users\User\AppData\Local\TempIMG_2148_bearbeitet-1.jpg [2011.03.10 20:34:24 | 000,092,120 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.01.02 19:51:57 | 000,000,022 | -HS- | C] () -- C:\Users\User\AppData\Roaming\Sys6925.Config Collection.sys [2011.01.02 19:51:57 | 000,000,022 | -HS- | C] () -- C:\Windows\Sys3390 SettingsCollection.bin [2010.12.06 20:22:37 | 000,203,776 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.30 22:13:59 | 000,749,568 | R--- | C] () -- C:\Windows\SysWow64\agissi.dll [2010.11.30 22:13:59 | 000,348,160 | R--- | C] () -- C:\Windows\SysWow64\zshp2600.exe [2010.11.30 22:13:55 | 011,206,656 | R--- | C] () -- C:\Windows\SysWow64\zhhp_res.dll [2010.11.30 22:13:55 | 000,299,008 | R--- | C] () -- C:\Windows\SysWow64\zhhp2600.exe [2010.11.30 22:12:40 | 000,000,573 | ---- | C] () -- C:\Windows\hpntwksetup.ini [2010.11.22 19:54:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.11.19 23:08:29 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat [2010.11.19 23:04:34 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.11.19 23:04:33 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2010.11.19 23:04:33 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini [2010.11.19 23:04:33 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2010.11.19 23:04:32 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2070N.INI [2010.11.19 23:00:00 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2070n.dat [2010.11.19 22:59:22 
| 000,000,228 | ---- | C] () -- C:\Windows\Brownie.ini [2010.11.15 15:08:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.11.10 14:33:07 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2011.08.08 20:53:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\9B25F289-C7DC-4D5B-B7E6-988B9B4B7C1A [2011.03.09 23:56:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acronis [2011.05.19 00:52:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Athentech [2012.02.28 01:40:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon [2012.08.28 00:03:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\calibre [2010.12.02 22:36:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.08.01 12:18:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ColorEfexPro4 [2012.04.02 15:52:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.DC3Module.AdobeADC [2012.07.18 15:36:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Cuobce [2011.07.23 17:44:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Cuttermaran [2012.01.14 21:31:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Device Doctor [2011.10.13 20:44:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\E29450DB-C5D6-4CDF-BF4F-340562724E26 [2011.11.09 22:18:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\eM Client for SoftMaker [2012.07.14 22:56:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\foobar2000 [2012.06.20 21:30:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GARMIN [2010.12.08 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER [2011.03.07 17:31:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Imagenomic [2012.02.07 15:25:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView 
[2012.07.18 15:36:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ixmoyd [2012.02.27 20:05:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Kalenderchen [2012.01.06 21:12:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lasersoft Imaging [2010.11.19 22:50:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech [2011.07.26 19:42:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mediAvatar [2012.02.27 22:07:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mkvtoolnix [2012.07.27 16:21:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mp3tag [2012.01.06 21:20:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mresreg [2011.08.18 14:49:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NewSoft [2011.08.18 14:49:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NSBackup [2011.03.12 13:38:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ScreeNet iSaver [2011.12.04 16:26:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftMaker [2012.04.02 19:19:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.03.31 22:56:08 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Virtual CD v10 [2012.05.17 21:45:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VoipBuster [2012.02.08 17:59:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\XnView [2011.03.30 23:25:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\YoWindow [2012.08.15 12:20:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 384 bytes -> C:\Windows:nlsPreferences @Alternate Data Stream - 320 bytes -> C:\Users\Public\Documents\Spoerl, Heinrich - Die Feuerzangenbowle-(0001).pdf:SummaryInformation @Alternate Data Stream - 1117 bytes -> 
C:\Users\User\Documents\[Spamverdacht] Ihre BestellungReservierung bei www_DiTech_at vom 01_12_2010 2035.eml:OECustomProperty < End of report > Jetzt warte ich zuversichtlich auf Hilfe und bedanke mich vorweg schon herzlich. Heli |