Pests of all kinds and how to fight them: Police central e-crime unit has caught me (Windows 7)
#1

Police central e-crime unit has caught me

Good evening, today while surfing I unexpectedly got a message from the "Police Central e-crime unit" in a new window. It could not be closed, and I was asked to transfer a sum of money to have this page removed. After a restart the window reappeared after a few seconds. So I ran defogger in Safe Mode and then OTL, with the following result:

OTL logfile created on: 15.01.2013 20:57:50 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ich Bin\meine Datein\z- verschiedenes
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,86% Memory free
4,21 Gb Paging File | 3,91 Gb Available in Paging File | 92,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 10,23 Gb Free Space | 6,86% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: LAPTOP | User Name: Ich Bin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.02 09:53:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ich Bin\meine Datein\z- verschiedenes\OTL.exe
PRC - [2008.10.29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.05.11 01:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

========== Modules (No Company Name) ==========

MOD - [2007.05.10 22:50:00 | 000,017,024 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll
MOD - [2007.01.12 21:31:28 | 000,475,136 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
MOD - [2007.01.12 21:31:28 | 000,397,312 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Eapp0vg)
SRV - [2012.06.14 22:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010.07.17 21:14:30 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008.12.10 13:43:02 | 000,020,480 | ---- | M] (Carl Zeiss) [Auto | Stopped] -- C:\Program Files\Carl Zeiss\MTB 2004\MTB Server Console\MTBService.exe -- (MTBService)
SRV - [2008.01.21 02:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.09 12:58:34 | 001,757,696 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.01.15 20:51:43 | 000,100,352 | ---- | M] (GMER) [Kernel | On_Demand | Running] -- C:\uwddapow.sys -- (uwddapow)
DRV - [2013.01.15 17:46:42 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2012.01.18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.09.13 03:35:16 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011.05.05 15:30:01 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009.12.09 09:37:18 | 001,653,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\p2usbhum.sys -- (iComp)
DRV - [2009.10.26 15:21:20 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.07.03 07:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2009.03.17 17:17:06 | 000,140,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.26 04:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.06.11 10:23:00 | 001,097,856 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007.11.15 13:09:04 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.09.10 07:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007.08.06 13:25:44 | 000,585,728 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007.05.28 08:02:02 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={7353287F-5BD6-11E2-BBDE-00030D8B75B9}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000&barid={7353287F-5BD6-11E2-BBDE-00030D8B75B9}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={7353287F-5BD6-11E2-BBDE-00030D8B75B9}
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{3917336C-1AD9-4F67-B413-CD0C43ADB6B8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HET&o=1581&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AA7&apn_dtid=^YYYYYY^YY^DE&apn_uid=965b4d3c-7d62-41e9-8444-e9e9993a784f&apn_sauid=C0D86837-DE94-436C-AB29-BE0D7C4223DB
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000&barid={7353287F-5BD6-11E2-BBDE-00030D8B75B9}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: isreaditlater@ideashower.com:2.1.4
FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.9
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.8.2
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.2.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.9
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:3.6.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.7.2
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.4
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ctid=CT2736476&SearchSource=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.13 03:37:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 22:53:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.16 22:53:09 | 000,000,000 | ---D | M]

[2009.12.11 21:30:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Extensions
[2009.11.05 13:29:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\extensions
[2009.11.05 13:29:41 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2013.01.11 10:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions
[2012.06.16 14:58:30 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013.01.11 10:09:39 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\firefox@ghostery.com
[2012.03.13 14:33:17 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\isreaditlater@ideashower.com
[2013.01.11 10:09:37 | 000,234,999 | ---- | M] () (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\artur.dubovoy@gmail.com.xpi
[2013.01.11 10:04:01 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.01.11 10:09:39 | 000,316,317 | ---- | M] () (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2013.01.11 10:09:39 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.06.16 22:54:10 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.01.11 10:05:50 | 000,003,915 | ---- | M] () -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\searchplugins\sweetim.xml
[2012.06.16 22:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.14 22:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.21 20:36:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.14 22:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.14 22:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.14 22:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 22:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 22:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 22:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={7353287F-5BD6-11E2-BBDE-00030D8B75B9}

O1 HOSTS File: ([2006.09.18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll File not found
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SMessaging] C:\Users\Ich Bin\AppData\Local\Strongvault Online Backup\SMessaging.exe File not found
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Ich Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ich Bin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
F3 - HKCU WinNT: Load - (C:\Users\ICHBIN~1\LOCALS~1\Temp\msaoopazx.pif) - C:\Users\ICHBIN~1\LOCALS~1\Temp\msaoopazx.pif (Ucuq)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - Reg Error: Value error. File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - Reg Error: Value error. File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FAF2B15-21EB-46E4-B1F7-7515B9FB5DC8}: DhcpNameServer = 80.69.100.174 80.69.100.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C70E345-B81B-4EC5-BF6F-B0DA42A32DB0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ich Bin\meine Datein\z- verschiedenes\Desktop- Hintergründe\Baum.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ich Bin\meine Datein\z- verschiedenes\Desktop- Hintergründe\Baum.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a41f3aa4-0418-11df-9875-00030d8b75b9}\Shell\autOplay\cOmmanD - "" = vmasb.exe
O33 - MountPoints2\{a41f3aa4-0418-11df-9875-00030d8b75b9}\Shell\AutoRun\command - "" = vmasb.exe
O33 - MountPoints2\{a41f3aa4-0418-11df-9875-00030d8b75b9}\Shell\eXplORe\CommAnd - "" = vmasb.exe
O33 - MountPoints2\{a41f3aa4-0418-11df-9875-00030d8b75b9}\Shell\Open\commaNd - "" = vmasb.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.15 20:51:43 | 000,100,352 | ---- | C] (GMER) -- C:\uwddapow.sys
[2013.01.12 20:52:31 | 000,000,000 | R--D | C] -- C:\Users\Ich Bin\Dropbox
[2013.01.12 20:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.01.12 20:50:30 | 000,000,000 | ---D | C] -- C:\Users\Ich Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.01.12 20:49:36 | 000,000,000 | ---D | C] -- C:\Users\Ich Bin\AppData\Roaming\Dropbox
[2013.01.11 10:07:08 | 000,000,000 | ---D | C] -- C:\Users\Ich Bin\AppData\Roaming\Strongvault
[2013.01.11 10:06:42 | 000,000,000 | ---D | C] -- C:\Users\Ich Bin\AppData\Local\Stronghold_LLC
[2013.01.11 10:06:25 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2013.01.11 10:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2013.01.11 10:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013.01.11 10:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.12.02 08:28:12 | 000,352,256 | -HS- | C] (Корпорация Майкрософт) -- C:\ProgramData\ms0001AAA0.dat
[2009.09.25 17:41:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ich Bin\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013.01.15 20:51:43 | 000,100,352 | ---- | M] (GMER) -- C:\uwddapow.sys
[2013.01.15 20:50:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.15 20:49:55 | 195,816,827 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.15 20:45:18 | 000,001,356 | ---- | M] () -- C:\Users\Ich Bin\AppData\Local\d3d9caps.dat
[2013.01.15 19:15:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 19:15:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 19:15:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.15 19:14:40 | 095,023,320 | ---- | M] () -- C:\ProgramData\0AAA1000sm.pad
[2013.01.15 19:13:51 | 000,000,878 | ---- | M] () -- C:\Users\Ich Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.15 17:47:17 | 106,012,007 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2013.01.15 17:46:42 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2013.01.15 17:46:00 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.15 17:46:00 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.15 17:46:00 | 000,133,720 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.15 17:46:00 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.14 20:25:03 | 000,921,632 | ---- | M] () -- C:\PA7302.DAT
[2013.01.14 16:38:15 | 000,227,819 | ---- | M] () -- C:\Users\Ich Bin\Desktop\Januar L nach DD.pdf
[2013.01.14 16:37:34 | 000,055,925 | ---- | M] () -- C:\Users\Ich Bin\Desktop\Flüge buchen - Germanwings Flug buchen.pdf
[2013.01.12 22:11:51 | 066,101,065 | ---- | M] () -- C:\Users\Ich Bin\Desktop\01 Titelnummer 1.mp3
[2013.01.12 20:51:07 | 000,000,959 | ---- | M] () -- C:\Users\Ich Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.04 19:23:43 | 010,131,328 | ---- | M] () -- C:\Users\Ich Bin\Desktop\Männerbeben.pdf
[2012.12.29 09:39:04 | 000,227,857 | ---- | M] () -- C:\Users\Ich Bin\Desktop\Boarding Pass- Januar.pdf

========== Files Created - No Company Name ==========

[2013.01.15 20:42:44 | 195,816,827 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.01.15 19:13:51 | 000,000,878 | ---- | C] () -- C:\Users\Ich Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.14 16:38:15 | 000,227,819 | ---- | C] () -- C:\Users\Ich Bin\Desktop\Januar L nach DD.pdf
[2013.01.14 16:33:19 | 000,055,925 | ---- | C] () -- C:\Users\Ich Bin\Desktop\Flüge buchen - Germanwings Flug buchen.pdf
[2013.01.12 22:06:37 | 066,101,065 | ---- | C] () -- C:\Users\Ich Bin\Desktop\01 Titelnummer 1.mp3
[2013.01.12 20:51:07 | 000,000,959 | ---- | C] () -- C:\Users\Ich Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.09 23:30:41 | 000,212,825 | ---- | C] () -- C:\Users\Ich Bin\Desktop\Boarding Pass- Dezember.pdf
[2013.01.04 19:23:42 | 010,131,328 | ---- | C] () -- C:\Users\Ich Bin\Desktop\Männerbeben.pdf
[2012.12.29 09:39:04 | 000,227,857 | ---- | C] () -- C:\Users\Ich Bin\Desktop\Boarding Pass- Januar.pdf
[2012.12.02 09:43:03 | 000,000,020 | ---- | C] () -- C:\Users\Ich Bin\defogger_reenable
[2012.12.02 08:28:25 | 095,023,320 | ---- | C] () -- C:\ProgramData\0AAA1000sm.pad
[2012.12.01 20:53:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\7lRL0ux1i.dat
[2012.12.01 20:53:34 | 095,023,320 | ---- | C] () -- C:\ProgramData\4393C220sm.pad
[2012.12.01 20:53:25 | 000,000,001 | ---- | C] () -- C:\ProgramData\doeR23dF.exe_.b
[2012.12.01 20:53:25 | 000,000,001 | ---- | C] () -- C:\ProgramData\doeR23dF.exe.b
[2012.10.06 20:31:56 | 000,069,788 | ---- | C] () -- C:\ProgramData\oegirtmlnyflhrw
[2012.08.08 22:44:26 | 212,156,928 | ---- | C] () -- C:\Users\Ich Bin\ghrt
[2012.07.02 18:08:17 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.05.29 18:52:22 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2012.05.29 18:52:20 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.03 00:26:56 | 000,000,379 | ---- | C] () -- C:\Users\Ich Bin\Documents - Verknüpfung.lnk
[2011.11.17 01:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.10.31 13:55:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.10.31 13:55:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.06.25 20:56:11 | 000,000,275 | ---- | C] () -- C:\Users\Ich Bin\AppData\Local\HamsterVideoConverterSettings.cfg
[2009.11.26 07:35:06 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.10.28 18:15:11 | 000,001,576 | ---- | C] () -- C:\Users\Ich Bin\.recently-used.xbel
[2009.10.15 08:58:38 | 000,001,356 | ---- | C] () -- C:\Users\Ich Bin\AppData\Local\d3d9caps.dat
[2009.10.01 18:11:37 | 000,000,104 | ---- | C] () -- C:\Users\Ich Bin\Computer - Verknüpfung.lnk
[2009.09.25 17:41:07 | 000,087,608 | ---- | C] () -- C:\Users\Ich Bin\AppData\Roaming\inst.exe
[2009.09.25 17:41:07 | 000,007,887 | ---- | C] () -- C:\Users\Ich Bin\AppData\Roaming\pcouffin.cat
[2009.09.25 17:41:07 | 000,001,144 | ---- | C] () -- C:\Users\Ich Bin\AppData\Roaming\pcouffin.inf
[2009.09.10 17:05:31 | 000,241,152 | ---- | C] () -- C:\Users\Ich Bin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 12:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2008.11.06 13:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008.11.06 13:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 04:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 02:24:29 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.12.01 21:19:21 | 000,000,000 | -HSD | M] -- C:\Users\Ich Bin\AppData\Roaming\248252
[2010.05.27 20:49:42 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\ACD Systems
[2011.06.26 12:32:54 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\AnvSoft
[2011.06.25 19:36:45 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Any Video Converter
[2009.11.07 18:39:10 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\avidemux
[2009.09.28 19:22:45 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Carl Zeiss
[2012.03.30 09:46:54 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\DAEMON Tools Pro
[2010.12.19 20:13:43 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\DataCast
[2012.07.02 18:24:53 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\DesktopIconForAmazon
[2013.01.15 17:42:53 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Dropbox
[2011.03.15 07:35:27 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Ekyfed
[2010.01.19 20:53:33 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\FileZilla
[2010.10.25 18:10:16 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\FireShot
[2011.10.31 13:55:37 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\FreePDF
[2011.02.24 17:07:00 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\GetRightToGo
[2009.10.28 18:21:37 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\gtk-2.0
[2011.05.30 12:59:21 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Imagenomic
[2012.03.13 08:03:35 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Leadertech
[2012.04.08 11:43:03 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\MAGIX
[2010.05.30 18:02:03 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\NCH Swift Sound
[2011.02.21 08:38:45 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Ofrat
[2009.11.22 11:53:10 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\OpenOffice.org
[2012.04.14 06:39:16 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Pegasys Inc
[2009.11.13 12:32:54 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Spesoft Audio Converter
[2013.01.11 10:07:08 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Strongvault
[2012.04.19 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\TuneUp Software
[2009.12.19 17:53:35 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Vso
[2011.07.23 08:25:46 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\WordToPDF
[2012.03.31 14:33:15 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\XMedia Recode

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Ich Bin\Desktop\Sonnenaufgang.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Ich Bin\Desktop\Dolby Surround Sound - (480 x 360).mp4:TOC.WMV

< End of report >

Unfortunately the Extra.txt file was not created (I ran it twice). The GMER scan that followed gave this result:

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-15 20:56:29
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB11 149,05GB
Running: Gmer.exe; Driver: C:\Users\ICHBIN~1\AppData\Local\Temp\uwddapow.sys

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060d134a8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x62 0xDF 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d134a8
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x62 0xDF 0x9D ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d134a8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x62 0xDF 0x9D ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 2.0 ----

The scan with Malwarebytes Anti-Malware showed the following result:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.18828
Ich Bin :: LAPTOP [Administrator]

15.01.2013 21:12:24
mbam-log-2013-01-15 (21-12-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 196803
Laufzeit: 4 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\ICHBIN~1\LOCALS~1\Temp\msaoopazx.pif -> Löschen bei Neustart.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\ms0001AAA0.dat (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ich Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I would be very glad if someone could help me.

Best regards,
Ichauch33