
Pests of all kinds and how to fight them: Windows 7 - Police Virus

20.03.2014, 21:33   #1
mar87

Windows 7 - Police Virus

Hello Trojaner-Board community,

unfortunately our PC has had the well-known police virus since yesterday evening.
After a restart it seems to work "normally", but since that of course means nothing (Malwarebytes found 3 infected files), I wanted to ask you for help with cleaning it up.

Many thanks in advance for your effort!

OTL LOG:

Code:
OTL logfile created on: 20.03.2014 19:28:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\878\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,38% Memory free
4,00 Gb Paging File | 2,90 Gb Available in Paging File | 72,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 287,68 Gb Free Space | 61,77% Space Free | Partition Type: NTFS
 
Computer Name: 878-PC | User Name: 878 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\878\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\878\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.)
PRC - C:\Programme\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\System32\bgsmsnd.exe (Broadgun Software)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Clear History\ClearHistory.exe (CS Software)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\878\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\878\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ogmservice) -- C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.)
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vToolbarUpdater12.2.6) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (cpuz132) -- C:\Users\878\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (iBtFltCoex) -- C:\Windows\System32\drivers\iBtFltCoex.sys (Intel Corporation)
DRV - (btmhsf) -- C:\Windows\System32\drivers\btmhsf.sys (Intel Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (P1120VID) -- C:\Windows\System32\drivers\P1120Vid.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 F9 9C 5F 66 25 CE 01  [binary data]
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\878\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\878\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\878\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\ [2012.12.01 16:42:43 | 000,000,000 | ---D | M]
 
[2010.10.05 18:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\878\AppData\Roaming\mozilla\Extensions
[2011.09.15 20:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\878\AppData\Roaming\mozilla\Firefox\Profiles\r9bisenm.default\extensions
[2011.09.15 22:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.05 18:28:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 15:03:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.15 19:07:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.15 09:41:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.16 19:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.10.05 18:28:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 15:03:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.15 19:07:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.15 09:41:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.16 19:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.05 18:26:19 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\878\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\878\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\878\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\878\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Power Challenge Loader (Enabled) = C:\Users\878\AppData\LocalLow\POWERC~1\nppowerloader.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - Extension: Google Wallet = C:\Users\878\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Wallet = C:\Users\878\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2012.10.24 22:08:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (pdfMachine) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\System32\spool\drivers\w32x86\3\bgstb.dll (Broadgun Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (pdfMachine) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\System32\spool\drivers\w32x86\3\bgstb.dll (Broadgun Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\Windows\System32\spool\drivers\w32x86\3\bgstb.dll (Broadgun Software)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\Windows\System32\spool\drivers\w32x86\3\bgstb.dll (Broadgun Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bgsmsnd.exe] C:\Windows\System32\bgsmsnd.exe (Broadgun Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001..\Run: [ClearHistory] C:\Program Files\Clear History\ClearHistory.exe (CS Software)
O4 - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001..\Run: [iLivid] "C:\Users\878\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O4 - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001..\Run: [Steam] C:\Program Files\Steam1\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\878\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\878\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9806874B-4621-4D96-B9FC-D8CB4C695FAA}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{614e5986-25f7-11e1-9776-0019666c2b7e}\Shell - "" = AutoRun
O33 - MountPoints2\{614e5986-25f7-11e1-9776-0019666c2b7e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.03.20 19:28:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\878\Desktop\OTL.exe
[2014.02.27 17:56:06 | 000,000,000 | ---D | C] -- C:\Users\878\AppData\Local\Skype
[2014.02.27 17:55:50 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014.02.27 17:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014.02.27 17:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2014.03.20 19:25:33 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.03.20 19:25:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.03.20 19:25:20 | 1610,006,528 | -HS- | M] () -- C:\hiberfil.sys
[2014.03.20 19:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.03.20 18:57:24 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.03.20 18:37:43 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4070557579-1729641792-2656704333-1001UA.job
[2014.03.20 18:22:35 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.03.20 18:22:35 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.03.20 17:51:58 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2014.03.20 17:51:58 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.03.20 17:51:58 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2014.03.20 17:51:58 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.03.20 08:08:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\878\Desktop\OTL.exe
[2014.03.19 09:37:18 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4070557579-1729641792-2656704333-1001Core.job
[2014.03.15 17:47:30 | 000,002,348 | ---- | M] () -- C:\Users\878\Desktop\Google Chrome.lnk
[2014.03.12 15:00:08 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.03.12 15:00:08 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.02.27 17:55:50 | 000,002,687 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2014.02.27 17:55:50 | 000,002,687 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.08.07 22:39:41 | 000,004,096 | -H-- | C] () -- C:\Users\878\AppData\Local\keyfile3.drm
[2013.04.25 22:57:42 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2012.11.25 13:31:47 | 000,000,464 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.10.29 12:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.10.29 12:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.10.29 12:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.10.29 12:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.08.21 07:27:53 | 000,027,520 | ---- | C] () -- C:\Users\878\AppData\Local\dt.dat
[2012.05.29 20:52:21 | 000,000,889 | ---- | C] () -- C:\Users\878\AppData\Local\recently-used.xbel
[2011.11.23 16:15:43 | 000,000,000 | ---- | C] () -- C:\Users\878\AppData\Local\{B99A73A0-AA41-4986-A67D-7E8B18B48CBE}
[2011.09.30 10:07:23 | 000,000,000 | ---- | C] () -- C:\Users\878\AppData\Local\{EC113985-85DB-4DC2-9ADE-06367B0D5E54}
[2011.05.29 18:22:15 | 000,000,000 | ---- | C] () -- C:\Users\878\AppData\Local\{68A286C1-2FC3-4162-8592-165066DD8103}
[2011.03.01 16:33:21 | 000,000,807 | ---- | C] () -- C:\Users\878\AppData\Roaming\FrameFun.ini
[2010.12.18 17:42:30 | 000,008,192 | ---- | C] () -- C:\Users\878\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.05 19:55:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 13:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.10.21 20:31:52 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\4Free
[2011.02.24 22:26:41 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\AlawarSouthpoint
[2013.09.16 20:59:09 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Ashampoo
[2012.10.17 16:38:24 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\AVG
[2013.05.15 17:41:01 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\AVG2013
[2012.09.15 21:39:30 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Boomzap
[2013.08.08 20:57:40 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Canneverbe Limited
[2010.12.13 04:02:19 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\DeepBurner
[2014.03.20 19:26:29 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Dropbox
[2012.09.15 16:21:22 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\ERS Game Studios
[2011.03.20 02:37:02 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Floodlight Games
[2010.10.05 18:26:44 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Foxit
[2010.10.05 18:26:45 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Foxit Software
[2011.02.23 22:27:27 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\GameHouse
[2011.02.25 00:20:54 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\GamersDigital
[2011.01.31 17:04:42 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\GARMIN
[2011.03.20 00:12:43 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Gogii
[2010.10.05 18:27:40 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\IrfanView
[2012.12.01 16:41:34 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Jumping Bytes
[2011.02.24 23:13:44 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\LittleGamesCompany
[2011.04.14 16:40:43 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\MAGIX
[2012.12.01 17:24:16 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Mobile Master
[2014.01.28 22:52:59 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\mp3DirectCut
[2012.09.15 14:31:34 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\MumboJumbo
[2012.12.01 18:08:44 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\MyPhoneExplorer
[2010.10.05 18:29:35 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Opera
[2013.07.18 20:37:02 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Opera Software
[2012.09.15 17:18:42 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Orneon
[2012.05.29 21:03:04 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\PhotoScape
[2011.06.24 20:34:21 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\PlayFirst
[2012.09.10 21:42:14 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\RenPy
[2013.01.25 21:58:18 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Samsung
[2011.02.23 19:35:47 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Skip-Bo
[2011.08.09 12:06:36 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Softinterface, Inc
[2012.05.29 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Thinstall
[2012.09.15 22:52:29 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Top Evidence
[2013.05.15 17:38:09 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\TuneUp Software
[2010.11.12 21:42:38 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Uniblue
[2012.09.15 13:08:20 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\URSE Games
[2011.03.20 02:55:57 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\VampireSaga
[2011.08.09 12:24:58 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\WordToPDF
[2011.08.06 22:17:24 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\XnView
[2011.02.25 00:15:53 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Zylom
[2013.01.31 08:59:24 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.01.31 08:59:24 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014.03.16 17:24:42 | 000,000,000 | ---D | M](C:\Users\878\Desktop\???? ????????, ??????????, ?????????, ?????, ??????????, ???????, ????????????, ????????, ?????, ??????, ??????? ????, ?????????? ??????, street - photo, ?????????? ?????, ?????????? ??????????_files) -- C:\Users\878\Desktop\Фото репортаж, фотографии, запорожье, музей, фотография, хортица, фоторепортаж, выходной, казак, казаки, уличное фото, украинские казаки, street - photo, украинский казак, украинское казачество_files
[2014.02.26 14:35:07 | 000,000,000 | ---D | C](C:\Users\878\Desktop\???? ????????, ??????????, ?????????, ?????, ??????????, ???????, ????????????, ????????, ?????, ??????, ??????? ????, ?????????? ??????, street - photo, ?????????? ?????, ?????????? ??????????_files) -- C:\Users\878\Desktop\Фото репортаж, фотографии, запорожье, музей, фотография, хортица, фоторепортаж, выходной, казак, казаки, уличное фото, украинские казаки, street - photo, украинский казак, украинское казачество_files
[2011.07.16 01:26:42 | 014,814,100 | ---- | M] ()(C:\Users\878\Documents\????, ????? ??????????, ??? 2010.wmv) -- C:\Users\878\Documents\Саня, Точка невозврата, НТВ 2010.wmv
[2011.07.16 01:25:52 | 014,814,100 | ---- | C] ()(C:\Users\878\Documents\????, ????? ??????????, ??? 2010.wmv) -- C:\Users\878\Documents\Саня, Точка невозврата, НТВ 2010.wmv

< End of report >
         
Malwarebytes log:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.20.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
878 :: 878-PC [Administrator]

20.03.2014 19:58:03
MBAM-log-2014-03-20 (21-29-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382033
Laufzeit: 1 Stunde(n), 30 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\878\Downloads\u0413u0435u0440u0430u043au043b-u041du0430u0447u0430u043bu043e-u043bu0435u0433u0435u043du0434u044b---the-legend-of-hercules-2014-camrip-u043eu043du043bu0430u0439u043d_id748259ids1s.exe (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt.
C:\Users\878\Downloads\u0413u0435u0440u0430u043au043b-u041du0430u0447u0430u043bu043e-u043bu0435u0433u0435u043du0434u044b---the-legend-of-hercules-2014-camrip-u043eu043du043bu0430u0439u043d_id748330ids1s.exe (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt.
C:\Users\878\Downloads\SoftonicDownloader_fuer_mp3directcut.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.

(Ende)
         

 
