Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Polizei Deutschland - Virus ( 100 € zahlen )

Polizei Deutschland - Virus ( 100 € zahlen )


Plagegeister aller Art und deren Bekämpfung: Polizei Deutschland - Virus ( 100 € zahlen )

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 31.08.2012, 17:31   #1
crowe
 
Polizei Deutschland - Virus ( 100 € zahlen ) - Standard

Polizei Deutschland - Virus ( 100 € zahlen )


Ich habe diesen Virus, der nach dem hochfahren als Pop-Up erscheint und vermeintlich ers weggeht, wenn ich 100 € überweise...

Bin über den " abgesicherten Modus mit Netzwerktreibern " ins Internet gekommen und habe mit OTL gescannt:



Code:
ATTFilter
OTL logfile created on: 31.08.2012 00:01:09 - Run 4
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\HEBERLE\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,93% Memory free
3,93 Gb Paging File | 2,99 Gb Available in Paging File | 75,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,38 Gb Total Space | 72,11 Gb Free Space | 47,01% Space Free | Partition Type: NTFS
 
Computer Name: HEBERLE-PC | User Name: HEBERLE | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\HEBERLE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe (Opera Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe File not found
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (e1yexpress) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3844083916-388341797-1782826656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=112555&tt=090812_bab_3212_2&babsrc=HP_ss&mntrId=08c73d470000000000000018e734f414
IE - HKU\S-1-5-21-3844083916-388341797-1782826656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3844083916-388341797-1782826656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3844083916-388341797-1782826656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 DE 58 CD DC 08 CB 01  [binary data]
IE - HKU\S-1-5-21-3844083916-388341797-1782826656-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3844083916-388341797-1782826656-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3844083916-388341797-1782826656-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKU\S-1-5-21-3844083916-388341797-1782826656-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3844083916-388341797-1782826656-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3844083916-388341797-1782826656-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3844083916-388341797-1782826656-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=090812_bab_3212_2&babsrc=SP_ss&mntrId=08c73d470000000000000018e734f414
IE - HKU\S-1-5-21-3844083916-388341797-1782826656-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3844083916-388341797-1782826656-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3844083916-388341797-1782826656-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Users\HEBERLE\Desktop\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Users\HEBERLE\Desktop\Veetle\Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.11 20:35:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\
 
[2012.08.10 23:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = hxxp://www.searchqu.com/web?src=crb&appid=101&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.searchqu.com/406
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\HEBERLE\AppData\Roaming\toolplugin\toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3844083916-388341797-1782826656-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3844083916-388341797-1782826656-1000..\Run: [DAEMON Tools Lite] C:\Users\HEBERLE\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3844083916-388341797-1782826656-1000..\Run: [Internet Security] C:\Users\HEBERLE\AppData\Roaming\isecurity.exe File not found
O4 - HKU\S-1-5-21-3844083916-388341797-1782826656-1000..\Run: [MMAgent] C:\Program Files\Mobile Master\MMAgent.exe File not found
O4 - HKU\S-1-5-21-3844083916-388341797-1782826656-1000..\Run: [RMActivate_ssp] C:\Users\HEBERLE\AppData\Local\Microsoft\Windows\2797\RMActivate_ssp.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\HEBERLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\HEBERLE\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HEBERLE\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FE77D8F-EB95-4919-B19F-17F4141CFFED}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{093667f1-bdca-11e0-8e78-00270e0f1871}\Shell - "" = AutoRun
O33 - MountPoints2\{093667f1-bdca-11e0-8e78-00270e0f1871}\Shell\AutoRun\command - "" = F:\Doom_3_Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.30 23:44:30 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\HEBERLE\Desktop\OTL.exe
[2012.08.30 23:03:21 | 000,000,000 | ---D | C] -- C:\Users\HEBERLE\AppData\Roaming\hellomoto
[2012.08.23 21:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.08.23 21:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB_DE
[2012.08.17 18:29:47 | 000,405,152 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.08.16 02:37:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.16 02:37:11 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.16 02:37:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.16 02:37:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.16 02:37:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.16 02:37:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.16 02:37:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.16 02:19:34 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.16 02:19:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.08.10 23:50:47 | 000,000,000 | ---D | C] -- C:\Users\HEBERLE\AppData\Roaming\BabylonToolbar
[2012.08.10 23:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.08.10 23:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.08.10 23:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.08.10 23:50:02 | 000,000,000 | ---D | C] -- C:\Users\HEBERLE\AppData\Roaming\Babylon
[2012.08.10 23:49:48 | 000,000,000 | ---D | C] -- C:\Users\HEBERLE\AppData\Roaming\YourFileDownloader
[2012.08.10 23:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\YourFileDownloader
[2012.08.10 23:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\smartdl
[2012.08.08 17:49:09 | 000,000,000 | ---D | C] -- C:\Users\HEBERLE\Desktop\Training
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.30 23:44:30 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\HEBERLE\Desktop\OTL.exe
[2012.08.30 23:31:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.30 23:31:28 | 1582,452,736 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.30 23:09:43 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 23:06:48 | 000,009,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 23:06:48 | 000,009,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 18:10:00 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for HEBERLE.job
[2012.08.26 16:49:44 | 000,022,146 | ---- | M] () -- C:\Users\HEBERLE\Desktop\Bwin.ods
[2012.08.23 21:05:32 | 000,000,009 | ---- | M] () -- C:\END
[2012.08.23 21:04:46 | 000,001,375 | ---- | M] () -- C:\Users\HEBERLE\Desktop\Free YouTube to MP3 Converter.lnk
[2012.08.23 11:18:48 | 000,405,152 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.08.19 00:59:05 | 000,027,670 | ---- | M] () -- C:\Users\HEBERLE\.recently-used.xbel
[2012.08.17 19:54:52 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2012.08.16 12:54:42 | 000,293,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.12 14:54:14 | 000,698,402 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.12 14:54:14 | 000,653,720 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.12 14:54:14 | 000,148,596 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.12 14:54:14 | 000,121,550 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.10 23:50:30 | 000,000,315 | ---- | M] () -- C:\user.js
[2012.08.08 00:10:28 | 000,207,289 | ---- | M] () -- C:\torrent.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.23 21:05:32 | 000,000,009 | ---- | C] () -- C:\END
[2012.08.19 00:59:05 | 000,027,670 | ---- | C] () -- C:\Users\HEBERLE\.recently-used.xbel
[2012.08.17 18:29:49 | 000,001,375 | ---- | C] () -- C:\Users\HEBERLE\Desktop\Free YouTube to MP3 Converter.lnk
[2012.08.10 23:50:25 | 000,000,315 | ---- | C] () -- C:\user.js
[2012.08.08 00:10:28 | 000,207,289 | ---- | C] () -- C:\torrent.exe
[2011.12.02 17:15:20 | 000,000,000 | ---- | C] () -- C:\Users\HEBERLE\AppData\Local\{4FD2F72A-21D8-4BA5-A932-44DD2CEBF06E}
[2011.11.13 16:58:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.11.13 16:52:07 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.09.10 13:41:15 | 000,000,000 | ---- | C] () -- C:\Users\HEBERLE\AppData\Local\{7322EF99-E7C0-4002-956E-80321301E221}
[2011.07.30 12:51:19 | 000,000,000 | ---- | C] () -- C:\Users\HEBERLE\AppData\Local\{A3DC7415-FB14-4755-9D44-B879AA92B7FD}
[2011.06.24 13:50:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.18 12:34:21 | 000,000,000 | ---- | C] () -- C:\Users\HEBERLE\AppData\Local\{954270C3-1255-4B99-924C-D4D346583F07}
[2011.05.31 12:56:50 | 000,000,000 | ---- | C] () -- C:\Users\HEBERLE\AppData\Local\{4CBB8802-0C47-4CEB-9903-AB1A96B1C22F}
[2011.05.12 23:40:20 | 000,007,611 | ---- | C] () -- C:\Users\HEBERLE\AppData\Local\Resmon.ResmonCfg
[2011.04.28 00:24:13 | 000,028,672 | ---- | C] () -- C:\Windows\System32\RPCNDFPd.dll
[2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011.01.19 12:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2010.10.15 19:48:19 | 000,000,090 | ---- | C] () -- C:\Windows\WA.INI
[2010.09.19 14:32:29 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.08.04 18:06:53 | 002,247,680 | ---- | C] () -- C:\Users\HEBERLE\fbchathistory.dat
 
========== LOP Check ==========
 
[2012.08.10 23:50:02 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\Babylon
[2012.08.10 23:50:47 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\BabylonToolbar
[2012.05.17 14:59:05 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\Bobaeq
[2010.09.19 13:47:16 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\Broad Intelligence
[2012.06.01 12:56:14 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\Comoco
[2011.08.04 01:22:54 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\DAEMON Tools Lite
[2012.08.23 21:18:17 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\DVDVideoSoft
[2012.08.23 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.19 01:01:34 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\gtk-2.0
[2012.08.30 23:03:37 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\hellomoto
[2011.12.13 00:58:52 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\HoldemManager
[2011.06.22 01:32:54 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\ICQ
[2010.10.03 09:12:10 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\Jumping Bytes
[2010.10.03 09:13:34 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\Mobile Master
[2010.06.20 18:43:53 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\mp3DirectCut
[2010.06.17 18:57:36 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\OpenOffice.org
[2011.05.12 23:44:43 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\Opera
[2011.11.13 17:02:41 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\Samsung
[2012.02.11 20:31:52 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\toolplugin
[2010.12.25 01:22:01 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\XMedia Recode
[2012.08.10 23:49:48 | 000,000,000 | ---D | M] -- C:\Users\HEBERLE\AppData\Roaming\YourFileDownloader
[2012.07.15 10:53:08 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 31.08.2012 00:01:09 - Run 4
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\HEBERLE\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,93% Memory free
3,93 Gb Paging File | 2,99 Gb Available in Paging File | 75,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,38 Gb Total Space | 72,11 Gb Free Space | 47,01% Space Free | Partition Type: NTFS
 
Computer Name: HEBERLE-PC | User Name: HEBERLE | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-3844083916-388341797-1782826656-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A5D1CCF0-A029-4B59-9A59-5920531F0FF5}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10FB8407-D355-4E98-8C02-5BC687564C37}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{21971A55-84ED-4AC1-AE79-A75ADC40B58C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{39ED0302-7901-45CF-82F9-71296B93DF7D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{403FAE41-FCE8-42E4-AA55-5E7AC5BE4D1E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{4E9C4755-BAB8-45D9-A235-BB076608E96E}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{52145B14-F5A8-4281-B002-30270E608EF9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{52E37332-ACA3-4E2B-A45F-326D82797843}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{55983011-5D6B-42D2-B7AD-80ED04499996}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{5FA535C4-78F9-404B-875B-FD562B2222FF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{6145B886-D442-49D4-9B55-088518FD9DA0}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{6A542CA3-A6FF-4567-918C-EA8BA24E9798}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{6AAE9291-DF04-41C0-A488-D0C0DD474B1B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{71B72EEB-474F-4733-8DF2-17619E8B0889}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{76DCB259-8AD8-4D28-A565-4BC1704AEA40}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A990B0E-188A-42C0-927E-C8873EEEFC41}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{8AFA691F-34FE-41E5-A652-C8290D7454BF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{9AD2E8BF-37E0-4453-BA0E-03D989615863}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{A8E19650-51F8-457E-9671-1CC39EEC8D28}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{B529ACCB-4EC0-4B54-83E4-7E4E0F48EA08}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{CEE41161-ECCB-41B5-A678-848411788FE5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{DAB222B7-4A44-4765-BB24-0CEC204E79C3}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{DEC59CD3-EE48-42AB-A666-372C3DE7D752}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{EB360130-D6C4-4DAB-B01B-C4F436DBE154}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{EEF6DE02-5A02-48B3-8428-B0FD342CF4B5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{F83BDDEB-EB76-4044-843F-B51878F16EBE}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{F9EE1EEB-C801-4CE1-AA6E-20CCA800B627}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"TCP Query User{474E9A9A-2DF4-4873-9C80-F1C7117FF1EC}C:\programmä älter\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\programmä älter\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{79E54A89-B9B0-4741-B2BC-F4E6E19D2E4E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{9727E81D-D982-4D64-8147-81126121DE82}C:\program files\valve\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\half-life\hl.exe | 
"TCP Query User{9D4908F0-6475-4D05-A345-CD7B140AB050}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{ACC4B6DE-3E9B-44D4-AE05-3BA4DCBB8B23}C:\pes.2010-kaos\pes2010.exe" = protocol=6 | dir=in | app=c:\pes.2010-kaos\pes2010.exe | 
"TCP Query User{B96C0AC3-30FF-4B14-917A-3E0EACB3083E}C:\programme\ea games\battlefield 2\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\programme\ea games\battlefield 2\bf2_w32ded.exe | 
"TCP Query User{E43CF407-D387-4CAC-A516-FB7F779F152C}C:\programme\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\programme\ea games\battlefield 2\bf2.exe | 
"TCP Query User{F2230B47-CD6E-4F2B-A48F-D9B712C7B8F1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{117898D3-F02D-488D-87B8-62DB00A31F61}C:\pes.2010-kaos\pes2010.exe" = protocol=17 | dir=in | app=c:\pes.2010-kaos\pes2010.exe | 
"UDP Query User{18A12773-48F0-45DD-A587-53F2BCA51A63}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{29BC64AD-464D-485D-912D-FA206E43BFDD}C:\programme\ea games\battlefield 2\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\programme\ea games\battlefield 2\bf2_w32ded.exe | 
"UDP Query User{38A862B1-1D46-4E14-84E2-B3F75C2DBAE0}C:\program files\valve\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\half-life\hl.exe | 
"UDP Query User{9168076A-FAB9-4768-8481-87CB1FB5E255}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{A768BC63-ED64-49DE-A24E-C86C91C91F1E}C:\programme\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\programme\ea games\battlefield 2\bf2.exe | 
"UDP Query User{D4F3CA0B-07CD-4FBA-8474-DEAFBE567D6B}C:\programmä älter\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\programmä älter\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{EEBED131-3174-4C17-9583-70AFF4F4C9B5}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EBC7D0C-4E78-4EC5-BB10-A1D9A132BE66}" = Mobile Master
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{576CA494-F771-4B10-9AF0-8ED4A7AFB0CC}_is1" = Amnesia - The Dark Descent Demo
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}" = Samsung PC Studio 3
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1DB7CFC-1B10-4C49-8ECB-0D8A3A45D3CA}" = LogMeIn Hamachi
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BBB3F622-D848-4CDA-B282-CC53627432F0}" = Microsoft Application Compatibility Toolkit 5.5
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVS Image Converter_is1" = AVS Image Converter 1.2.1.100
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BabylonToolbar" = Babylon toolbar on IE
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"Doom 3" = Doom 3
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 4.8
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.5
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.5.712
"Free YouTube Download_is1" = Free YouTube Download version 3.1.34.823
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.29.823
"GridinSoft Trojan Killer" = Trojan Killer
"Half-Life_is1" = Half-Life
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaCoder" = MediaCoder 0.7.5.4742
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mobile Master" = Mobile Master 7.7.3
"NSS" = Norton Security Scan
"Opera 12.01.1532" = Opera 12.01
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SearchCore for Browsers" = SearchCore for Browsers
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"toolplugin" = toolplugin
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.9.7
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3844083916-388341797-1782826656-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Titan Poker" = Titan Poker
"YourFileDownloader" = YourFileDownloader
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.08.2012 12:08:36 | Computer Name = HEBERLE-PC | Source = PostgreSQL | ID = 0
Description = 2012-08-23 18:08:36 CESTFATAL:  the database system is starting up

 
Error - 24.08.2012 11:15:37 | Computer Name = HEBERLE-PC | Source = PostgreSQL | ID = 0
Description = 2012-08-24 17:15:37 CESTFATAL:  the database system is starting up

 
Error - 26.08.2012 06:45:14 | Computer Name = HEBERLE-PC | Source = PostgreSQL | ID = 0
Description = 2012-08-26 12:45:14 CESTFATAL:  the database system is starting up

 
Error - 27.08.2012 11:15:22 | Computer Name = HEBERLE-PC | Source = PostgreSQL | ID = 0
Description = 2012-08-27 17:15:22 CESTFATAL:  the database system is starting up

 
Error - 28.08.2012 11:13:41 | Computer Name = HEBERLE-PC | Source = PostgreSQL | ID = 0
Description = 2012-08-28 17:13:41 CESTFATAL:  the database system is starting up

 
Error - 30.08.2012 17:18:10 | Computer Name = HEBERLE-PC | Source = PostgreSQL | ID = 0
Description = 2012-08-30 23:18:10 CESTFATAL:  the database system is starting up

 
Error - 30.08.2012 17:29:49 | Computer Name = HEBERLE-PC | Source = PostgreSQL | ID = 0
Description = 2012-08-30 23:29:49 CESTFATAL:  the database system is starting up

 
Error - 30.08.2012 17:29:50 | Computer Name = HEBERLE-PC | Source = PostgreSQL | ID = 0
Description = 2012-08-30 23:29:50 CESTFATAL:  the database system is starting up

 
Error - 30.08.2012 17:32:00 | Computer Name = HEBERLE-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x8007043C
 
Error - 30.08.2012 17:32:01 | Computer Name = HEBERLE-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
[ System Events ]
Error - 30.08.2012 17:19:47 | Computer Name = HEBERLE-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.08.2012 17:19:47 | Computer Name = HEBERLE-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.08.2012 17:21:37 | Computer Name = HEBERLE-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.08.2012 17:29:37 | Computer Name = HEBERLE-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 30.08.2012 17:31:54 | Computer Name = HEBERLE-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 30.08.2012 17:32:00 | Computer Name = HEBERLE-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   discache  spldr  StarOpen  Wanarpv6
 
Error - 30.08.2012 17:32:03 | Computer Name = HEBERLE-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 30.08.2012 17:32:12 | Computer Name = HEBERLE-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 30.08.2012 17:32:17 | Computer Name = HEBERLE-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 30.08.2012 17:32:18 | Computer Name = HEBERLE-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >






Wäre sehr dankbar für Hilfe!
 

Themen zu Polizei Deutschland - Virus ( 100 € zahlen )
autorun, babylon toolbar, babylontoolbar, bandoo, bho, browser, conduit, converter, defender, enigma, error, fehler, firefox, flash player, format, helper, homepage, install.exe, internet, langs, logfile, mp3, netzwerk, nvidia update, plug-in, realtek, registry, rundll, searchcore, security, software, super, taskhost.exe, udp, virus, windows, wrapper


« GVU Trojaner | SUISA Trojaner (inklusive logs) »


Ähnliche Themen: Polizei Deutschland - Virus ( 100 € zahlen )


  1. Interpol - Polizei Warnung mit Zeitangabe- soll innerhalb von 46 Stunden zahlen
    Log-Analyse und Auswertung - 04.02.2014 (97)
  2. GEMA Virus / 50€ Zahlen / Was tun?
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (14)
  3. Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland... - Virus
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (17)
  4. Polizei-Trojaner Österreich (100€ über Ukash zahlen)
    Plagegeister aller Art und deren Bekämpfung - 21.09.2012 (14)
  5. AKM Virus 100 euro zahlen
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (2)
  6. Polizei Ukash 100€ zahlen Virus - Österreich
    Plagegeister aller Art und deren Bekämpfung - 02.08.2012 (15)
  7. Task-manager durch virus blockiert, Polizei-virus
    Log-Analyse und Auswertung - 02.04.2012 (1)
  8. Soll der Polizei 100€ Paysafe zahlen!
    Log-Analyse und Auswertung - 24.03.2012 (1)
  9. Virus Microsoft 50€ zahlen
    Log-Analyse und Auswertung - 15.03.2012 (23)
  10. bundespolizei deutschland virus
    Log-Analyse und Auswertung - 28.02.2012 (3)
  11. 50€ Zahlen Virus
    Plagegeister aller Art und deren Bekämpfung - 19.02.2012 (6)
  12. Virus bei dem man 50€ zahlen muss
    Plagegeister aller Art und deren Bekämpfung - 15.02.2012 (14)
  13. Windows Systemblock 50 Euro zahlen + BKA Virus 100 Euro zahlen
    Log-Analyse und Auswertung - 29.01.2012 (1)
  14. Virus blockt PC, BKA?, 50€ zahlen
    Plagegeister aller Art und deren Bekämpfung - 18.01.2012 (1)
  15. Virus Sicherheitswahrnung 50€ zahlen
    Log-Analyse und Auswertung - 14.01.2012 (1)
  16. Virus von Windows 50€ zahlen
    Plagegeister aller Art und deren Bekämpfung - 22.12.2011 (1)
  17. Samsung Wave mit Virus ab Werk - aber nur in Deutschland
    Nachrichten - 03.06.2010 (0)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Polizei Deutschland - Virus ( 100 € zahlen ) - Ich habe diesen Virus, der nach dem hochfahren als Pop-Up erscheint und vermeintlich ers weggeht, wenn ich 100 € überweise... Bin über den " abgesicherten Modus mit Netzwerktreibern " ins - Polizei Deutschland - Virus ( 100 € zahlen )...
Archiv
Du betrachtest: Polizei Deutschland - Virus ( 100 € zahlen ) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27