|
Plagegeister aller Art und deren Bekämpfung: Kazy Virus wieder einmalWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.04.2011, 17:20 | #1 |
| Kazy Virus wieder einmal Guten Abend Ich hab seid gestern auch diesen Kazy Virus. Mein PC hing. Aufeinmal Desktop Schwarz und nur noch der Papierkorb zu sehn. Antivir meldete sich mit diesem Kazy Virus und es kamen auch diverse Fehlermeldungen. Mein Pc lässt sich nur noch im Abgesicherten Modus bedienen weil sonst sich sofort alles aufhängt... Ich habe gesehen das die ganzen Ordner die verschwunden waren auf unsichtbar gestellt worden sind ... jetzt sind sie wieder da die Icons sind jedoch durchsichtig und lassen sich auch nicht alle öffnen. Ich habe nun wie meine Vorgänger einmal dieses Malewarebytes und OTL drüber laufen lassen. Vielen Dank schonmal für Hilfe!!!! Hier die logs: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5363 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 25.04.2011 12:08:48 mbam-log-2011-04-25 (12-08-17).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Durchsuchte Objekte: 464429 Laufzeit: 42 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 2 Infizierte Dateien: 7 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Noble Casino (Adware.Casino) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swiss Casino (Adware.Casino) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\redflush (PUP.Casino.Gen) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.Agent) -> Value: Policies -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.Agent) -> Value: Policies -> No action taken. Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken. Infizierte Verzeichnisse: c:\Windows\System32\scvhost (Backdoor.Bot) -> No action taken. c:\Windows\SysWOW64\scvhost (Backdoor.Bot) -> No action taken. Infizierte Dateien: c:\Casino\noble casino\_setupcasino_5be9ef.exe (Adware.Casino) -> No action taken. c:\Casino\swiss casino\_setupcasino_65d43f.exe (Adware.Casino) -> No action taken. c:\microgaming\Casino\RedFlush\install.exe (PUP.Casino.Gen) -> No action taken. c:\Users\Amadeus\downloads\RedFlush.exe (PUP.Casino.Gen) -> No action taken. c:\Users\Amadeus\downloads\setupcasino_5be9ef.exe (Adware.Casino) -> No action taken. c:\Users\Amadeus\downloads\setupcasino_65d43f.exe (Adware.Casino) -> No action taken. c:\Users\Amadeus\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken. OTL logfile created on: 25.04.2011 18:00:04 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\ 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 88,00% Memory free 8,00 Gb Paging File | 8,00 Gb Available in Paging File | 94,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 164,75 Gb Total Space | 19,58 Gb Free Space | 11,88% Space Free | Partition Type: NTFS Drive D: | 3,73 Gb Total Space | 3,35 Gb Free Space | 89,98% Space Free | Partition Type: FAT32 Drive E: | 1220,50 Gb Total Space | 847,78 Gb Free Space | 69,46% Space Free | Partition Type: NTFS Computer Name: AMADEUS-PC | User Name: Amadeus | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.25 11:15:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\OTL.exe ========== Modules (SafeList) ========== MOD - [2011.04.25 11:15:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.30 16:38:11 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.12.09 14:38:38 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV - [2011.03.28 15:41:12 | 002,111,368 | -H-- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010.12.26 10:52:39 | 000,075,064 | -H-- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.11.28 13:30:07 | 000,403,240 | -H-- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.09.06 19:56:38 | 000,247,096 | -H-- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 11:19:26 | 000,113,152 | -H-- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.12.12 13:44:09 | 000,607,048 | -H-- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.12.09 14:44:18 | 001,394,504 | -H-- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2009.12.09 14:38:30 | 000,030,024 | -H-- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2009.09.23 14:38:18 | 000,935,208 | -H-- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.07.21 14:34:28 | 000,185,089 | -H-- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.13 16:48:18 | 000,108,289 | -H-- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.04.07 09:17:30 | 000,430,592 | -H-- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.11.30 16:38:17 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.11.30 16:38:17 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.11.30 16:38:14 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.11.30 16:37:54 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.02.04 14:33:00 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.12.18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2009.12.16 00:37:21 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2009.12.16 00:37:21 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2009.12.14 09:21:44 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2009.11.25 12:19:02 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009.09.08 10:40:20 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2009.09.08 10:40:20 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2009.09.08 10:40:20 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2009.07.02 16:46:04 | 001,708,544 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA) DRV:64bit: - [2009.07.02 16:46:04 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.05.20 18:04:56 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.09.12 10:31:29 | 000,041,216 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:64bit: - [2008.09.12 10:31:29 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:64bit: - [2008.09.12 10:31:16 | 000,131,584 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0836.sys -- (SaiK0836) DRV:64bit: - [2008.02.22 18:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM) DRV:64bit: - [2007.10.16 10:36:46 | 010,693,120 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) DRV:64bit: - [2007.09.17 15:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2007.05.30 19:15:12 | 000,018,688 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2006.11.10 15:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool) DRV - [2009.12.14 09:21:44 | 000,016,392 | -H-- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.10.14 08:24:44 | 000,011,856 | -H-- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2007.11.03 01:12:32 | 000,032,240 | -H-- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) DRV - [2007.10.16 10:35:58 | 010,376,576 | -H-- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2965497 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {25b3130e-8513-41b6-8ea8-43dbc9cc0f12}:1.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=" FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.chatroulette.com/" FF - prefs.js..network.proxy.http: "82.206.129.160" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.type: 2 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.21 16:43:56 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.25 16:17:01 | 000,000,000 | -H-D | M] [2010.01.29 19:16:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Amadeus\AppData\Roaming\mozilla\Extensions [2011.04.24 12:28:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Amadeus\AppData\Roaming\mozilla\Firefox\Profiles\otd6gy6a.default\extensions [2010.03.04 16:50:20 | 000,000,000 | -H-D | M] (lufthansa.com) -- C:\Users\Amadeus\AppData\Roaming\mozilla\Firefox\Profiles\otd6gy6a.default\extensions\{25b3130e-8513-41b6-8ea8-43dbc9cc0f12} [2011.04.22 19:25:27 | 000,000,000 | -H-D | M] (Winload Community Toolbar) -- C:\Users\Amadeus\AppData\Roaming\mozilla\Firefox\Profiles\otd6gy6a.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2011.03.11 16:47:36 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Amadeus\AppData\Roaming\mozilla\Firefox\Profiles\otd6gy6a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.11 16:47:34 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Amadeus\AppData\Roaming\mozilla\Firefox\Profiles\otd6gy6a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.04.22 19:25:31 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Amadeus\AppData\Roaming\mozilla\Firefox\Profiles\otd6gy6a.default\extensions\engine@conduit.com [2010.06.03 10:43:19 | 000,002,004 | -H-- | M] () -- C:\Users\Amadeus\AppData\Roaming\Mozilla\Firefox\Profiles\otd6gy6a.default\searchplugins\3dlam-suche.xml [2011.03.16 18:27:44 | 000,000,917 | -H-- | M] () -- C:\Users\Amadeus\AppData\Roaming\Mozilla\Firefox\Profiles\otd6gy6a.default\searchplugins\conduit.xml [2011.04.21 10:44:26 | 000,001,056 | -H-- | M] () -- C:\Users\Amadeus\AppData\Roaming\Mozilla\Firefox\Profiles\otd6gy6a.default\searchplugins\icqplugin.xml [2011.04.24 12:28:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.01.29 19:12:28 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.04.23 12:16:19 | 000,000,000 | -H-D | M] (Mein Gutscheincode Finder) -- C:\PROGRAM FILES (X86)\MEIN GUTSCHEINCODE FINDER\FIREFOX [2010.01.29 19:13:35 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2006.09.26 12:03:14 | 000,098,304 | -H-- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll [2010.12.13 23:47:45 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.12.13 23:47:45 | 000,002,344 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.12.13 23:47:45 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.13 23:47:45 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.13 23:47:45 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.01.03 00:55:29 | 000,000,994 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 gosredirector.ea.com O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com O1 - Hosts: 127.0.0.1 demangler.ea.com O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll (PilotGroup LLC) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll (PilotGroup LLC) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [LyxDpHvjYMMKj] File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Amadeus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Users\Amadeus\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\Amadeus\AppData\Roaming\install\svchost.exe O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Update Service = C:\Users\Amadeus\AppData\Roaming\scvhost\scvhost.exe O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\Amadeus\AppData\Roaming\install\svchost.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Update Service = C:\Users\Amadeus\AppData\Roaming\scvhost\scvhost.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O24 - Desktop WallPaper: C:\Users\Amadeus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Amadeus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6ea39c04-15a2-11e0-9676-002421deb866}\Shell - "" = AutoRun O33 - MountPoints2\{6ea39c04-15a2-11e0-9676-002421deb866}\Shell\AutoRun\command - "" = K:\Install.exe O33 - MountPoints2\{a43fda6e-1189-11df-9a21-002421deb866}\Shell - "" = AutoRun O33 - MountPoints2\{a43fda6e-1189-11df-9a21-002421deb866}\Shell\AutoRun\command - "" = D:\FarCryAutoCD.exe O33 - MountPoints2\{a43fdb66-1189-11df-9a21-002421deb866}\Shell - "" = AutoRun O33 - MountPoints2\{a43fdb66-1189-11df-9a21-002421deb866}\Shell\AutoRun\command - "" = K:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.25 11:21:37 | 000,000,000 | ---D | C] -- C:\Users\Amadeus\AppData\Roaming\Malwarebytes [2011.04.25 11:21:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.04.25 11:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.25 11:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.25 11:21:31 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.04.25 11:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.04.22 19:25:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webcam Simulator [2011.04.22 19:25:45 | 000,152,848 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX [2011.04.22 19:25:45 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Webcam Simulator [2011.04.22 19:25:45 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\wcs [2011.04.22 19:25:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Conduit [2011.04.22 19:25:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\ConduitEngine [2011.04.22 19:25:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Winload [2011.04.22 19:25:19 | 000,000,000 | -H-D | C] -- C:\Users\Amadeus\AppData\Local\Conduit [2011.04.22 19:25:15 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Mein Gutscheincode Finder [2011.04.19 19:00:15 | 000,000,000 | -H-D | C] -- C:\Users\Amadeus\AppData\Local\Netviewer [2011.04.19 17:04:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Microsoft [2011.04.19 17:04:34 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\MSN Toolbar [2011.04.19 17:04:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Bing Bar Installer [2011.04.18 12:08:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FXdirekt Bank AG [2011.04.18 12:08:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\FXdirekt Bank AG [2011.04.14 20:42:45 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.04.14 20:42:45 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.04.14 20:42:40 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.04.14 20:42:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.04.14 20:42:40 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.04.14 20:42:36 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll [2011.04.14 20:42:36 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll [2011.04.14 20:42:35 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2011.04.14 20:42:35 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll [2011.04.14 20:42:33 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.04.14 20:42:33 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.04.14 20:42:32 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.04.14 20:42:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.04.14 20:42:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.04.14 20:42:22 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.04.14 20:42:22 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.04.14 20:42:22 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.04.14 20:42:22 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.04.14 20:42:22 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.04.14 20:42:22 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.04.14 20:42:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.04.14 20:42:22 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.04.14 20:42:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.04.14 20:42:22 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.04.14 20:42:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.04.14 20:42:22 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.04.14 20:42:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.04.14 20:42:18 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll [2011.04.14 20:42:18 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe [2011.04.14 20:42:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2011.04.14 20:42:12 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2011.04.14 20:42:12 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2011.04.14 20:42:12 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2011.04.14 20:42:12 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll [2011.04.14 20:42:12 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll [2011.04.14 20:42:11 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2011.04.14 20:42:11 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe [2011.04.14 20:42:11 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll [2011.04.12 19:46:30 | 000,000,000 | -H-D | C] -- C:\Users\Amadeus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtuaGirl [2011.04.12 19:46:27 | 000,000,000 | -H-D | C] -- C:\Users\Amadeus\AppData\Local\vghd [2011.04.04 15:39:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Flush [2011.04.04 15:39:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\MGS [2011.04.04 15:39:03 | 000,000,000 | ---D | C] -- C:\Microgaming [2011.04.04 13:11:34 | 000,000,000 | ---D | C] -- C:\Casino [2011.04.02 13:54:27 | 000,000,000 | -H-D | C] -- C:\Users\Amadeus\AppData\Roaming\Apple Computer [2011.03.29 21:59:25 | 000,000,000 | -H-D | C] -- C:\Programme\Keller3 [2011.03.29 21:45:30 | 000,000,000 | -H-D | C] -- C:\Programme\Keller2 [2011.03.29 21:39:51 | 000,000,000 | -H-D | C] -- C:\Programme\Keller [2011.03.29 17:08:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keller-Systeme [2011.03.29 17:08:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\KELLER [2011.03.29 17:08:04 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe [2011.03.29 16:30:16 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2011.03.29 16:30:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011.03.29 16:30:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2010.07.14 07:42:31 | 000,155,648 | -H-- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll [2010.07.14 07:42:31 | 000,057,344 | -H-- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll [2010.07.14 07:42:31 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.25 17:59:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.25 17:58:54 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2011.04.25 11:22:46 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.25 11:22:46 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.25 11:22:46 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.25 11:22:46 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.25 11:22:46 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.25 11:21:35 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.24 09:08:23 | 000,014,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.24 09:08:23 | 000,014,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.24 09:01:28 | 000,000,007 | ---- | M] () -- C:\Windows\treeskp.sys [2011.04.24 09:01:28 | 000,000,007 | ---- | M] () -- C:\Windows\sbacknt.bin [2011.04.23 12:17:05 | 000,000,958 | -H-- | M] () -- C:\Users\Amadeus\Desktop\Webcam Simulator.lnk [2011.04.22 16:46:28 | 000,230,424 | ---- | M] () -- C:\img2-001.raw [2011.04.18 12:08:46 | 000,002,325 | -H-- | M] () -- C:\Users\Public\Desktop\FEXtrader Pro LIVE.lnk [2011.04.18 12:08:46 | 000,002,325 | -H-- | M] () -- C:\Users\Public\Desktop\FEXtrader Pro DEMO.lnk [2011.04.15 16:11:32 | 005,923,462 | -H-- | M] () -- C:\Users\Amadeus\Desktop\01-scooter_-_friends_turbo_(movie_version).mp3 [2011.04.15 03:27:59 | 000,314,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.12 19:46:30 | 000,001,074 | -H-- | M] () -- C:\Users\Amadeus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2011.04.04 15:39:29 | 000,001,793 | -H-- | M] () -- C:\Users\Public\Desktop\Red Flush.lnk [2011.04.04 13:51:11 | 000,000,745 | -H-- | M] () -- C:\Users\Public\Desktop\Swiss Casino.lnk [2011.04.04 13:11:36 | 000,000,745 | -H-- | M] () -- C:\Users\Public\Desktop\Noble Casino.lnk [2011.04.02 13:27:36 | 003,794,132 | -H-- | M] () -- C:\Users\Amadeus\Desktop\ZZ Top - Gimme All Your Lovin'.mp3 [2011.04.02 12:34:41 | 002,180,770 | -H-- | M] () -- C:\Users\Amadeus\Desktop\01 - Tush.mp3 [2011.03.28 16:04:55 | 002,510,085 | -H-- | M] () -- C:\Users\Amadeus\Desktop\13-you-never-can-tell.mp3 [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.25 11:21:35 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.23 14:45:50 | 005,923,462 | -H-- | C] () -- C:\Users\Amadeus\Desktop\01-scooter_-_friends_turbo_(movie_version).mp3 [2011.04.22 19:25:46 | 000,000,958 | -H-- | C] () -- C:\Users\Amadeus\Desktop\Webcam Simulator.lnk [2011.04.18 12:08:46 | 000,002,325 | -H-- | C] () -- C:\Users\Public\Desktop\FEXtrader Pro LIVE.lnk [2011.04.18 12:08:46 | 000,002,325 | -H-- | C] () -- C:\Users\Public\Desktop\FEXtrader Pro DEMO.lnk [2011.04.12 19:46:31 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys [2011.04.12 19:46:31 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin [2011.04.12 19:46:30 | 000,001,074 | -H-- | C] () -- C:\Users\Amadeus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2011.04.04 15:39:03 | 000,001,793 | -H-- | C] () -- C:\Users\Public\Desktop\Red Flush.lnk [2011.04.04 13:51:11 | 000,000,757 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Swiss Casino.lnk [2011.04.04 13:51:11 | 000,000,745 | -H-- | C] () -- C:\Users\Public\Desktop\Swiss Casino.lnk [2011.04.04 13:11:36 | 000,000,757 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Noble Casino.lnk [2011.04.04 13:11:36 | 000,000,745 | -H-- | C] () -- C:\Users\Public\Desktop\Noble Casino.lnk [2011.04.02 13:54:19 | 000,272,180 | -H-- | C] () -- C:\Users\Amadeus\Desktop\Brennender Handschuh.3gp [2011.04.02 13:27:26 | 003,794,132 | -H-- | C] () -- C:\Users\Amadeus\Desktop\ZZ Top - Gimme All Your Lovin'.mp3 [2011.04.02 12:34:39 | 002,180,770 | -H-- | C] () -- C:\Users\Amadeus\Desktop\01 - Tush.mp3 [2011.03.28 16:04:48 | 002,510,085 | -H-- | C] () -- C:\Users\Amadeus\Desktop\13-you-never-can-tell.mp3 [2010.12.26 10:52:40 | 000,215,128 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.12.26 10:52:39 | 002,434,856 | -H-- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.12.26 10:52:39 | 000,075,064 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.11.01 15:58:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010.10.14 02:36:44 | 000,179,263 | -H-- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.10.13 10:51:36 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.09.28 16:26:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysWow64\golyek.dat [2010.07.14 07:42:34 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe [2010.07.14 07:42:32 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe [2010.07.14 07:42:32 | 000,270,336 | ---- | C] () -- C:\Windows\tsnpstd3.exe [2010.07.14 07:42:32 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2010.06.16 00:28:54 | 000,002,857 | -H-- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.04.01 02:11:48 | 000,043,520 | -H-- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2010.03.31 13:17:20 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2010.01.31 13:06:28 | 000,000,017 | -H-- | C] () -- C:\Users\Amadeus\AppData\Local\resmon.resmoncfg [2010.01.29 19:07:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.01.27 23:07:09 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI [2010.01.27 22:35:22 | 000,010,752 | -H-- | C] () -- C:\Windows\SysWow64\BASSMOD.dll [2010.01.18 16:18:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010.01.18 11:42:41 | 199,394,291 | -H-- | C] () -- C:\Program Files (x86)\Worms World Party.exe [2009.12.21 14:28:20 | 000,000,072 | ---- | C] () -- C:\Windows\cryavitowmv.ini [2009.12.21 14:27:44 | 000,000,005 | -H-- | C] () -- C:\Windows\SysWow64\SySavitowmv.dat [2009.12.18 20:05:29 | 000,178,176 | -H-- | C] () -- C:\Windows\SysWow64\unrar.dll [2009.12.18 20:05:28 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009.12.18 20:05:27 | 000,819,200 | -H-- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.12.18 20:05:27 | 000,180,224 | -H-- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.12.18 20:05:25 | 000,085,504 | -H-- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.08.12 12:47:47 | 000,003,830 | ---- | C] () -- C:\Windows\HCWPNP.INI [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.10.25 17:26:10 | 000,005,632 | -H-- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2007.01.23 14:11:20 | 000,141,312 | -H-- | C] () -- C:\Windows\SysWow64\QFClient2.dll [2005.04.08 04:16:43 | 000,367,582 | -H-- | C] () -- C:\Users\Amadeus\AppData\Roaming\cglogs.dat [2003.01.07 17:05:08 | 000,002,695 | -H-- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI < End of report > OTL Extras logfile created on: 25.04.2011 18:00:04 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\ 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 88,00% Memory free 8,00 Gb Paging File | 8,00 Gb Available in Paging File | 94,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 164,75 Gb Total Space | 19,58 Gb Free Space | 11,88% Space Free | Partition Type: NTFS Drive D: | 3,73 Gb Total Space | 3,35 Gb Free Space | 89,98% Space Free | Partition Type: FAT32 Drive E: | 1220,50 Gb Total Space | 847,78 Gb Free Space | 69,46% Space Free | Partition Type: NTFS Computer Name: AMADEUS-PC | User Name: Amadeus | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "UACDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Users\Amadeus\AppData\Roaming\scvhost\scvhost.exe" = C:\Users\Amadeus\AppData\Roaming\scvhost\scvhost.exe:*:Enabled:Windows Firewall Update "C:\Users\Amadeus\AppData\Roaming\scvhost\scvhost.exe" = C:\Users\Amadeus\AppData\Roaming\scvhost\scvhost.exe:*:Enabled:Windows Firewall Update ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02A116A8-E559-488C-879C-B212F3EA963A}" = Far Cry (Patch 1.32 AMD64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3E7D0D06-E32D-4F06-BB55-1671C8391D8E}" = Saitek SD6 Programming Software 6.5.2.0 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding "{8DF9D3DF-6D03-A04F-217F-F2577D973DBE}" = ATI Catalyst Install Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AE0D971F-5430-8874-B09E-3F1C76E2F8FF}" = WMV9/VC-1 Video Playback "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D29E5E5F-47CA-087E-DCBF-FB75171D5B2E}" = ccc-utility64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0 "{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help "{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3) "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{3F66C4BF-4BD9-FF9C-FA9F-4579F60A33B3}" = Catalyst Control Center Graphics Previews Vista "{3fd4d594-5cdb-4f69-91b7-2cd2308f03ba}" = Nero 9 Trial "{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4) "{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A914AE85-1A36-0575-714C-BF996BDA20C7}" = ccc-core-static "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AE249BA3-2421-3996-5E9A-DF4A9F3551FC}" = Catalyst Control Center InstallProxy "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT "{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{c89941c6-2445-4888-936f-ddd9602bc28e}" = Nero 9 Essentials "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help "{CE227560-EC2C-4263-8F64-FC4715721BCF}" = Cockpit "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4 "{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry "{DB8B49A9-7CF1-34DB-6DF2-1EC41C0FE5E1}" = Catalyst Control Center Graphics Previews Common "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = Hama Webcam AC-150 "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "conduitEngine" = Conduit Engine "Counter-Strike: Source v17" = Counter-Strike: Source v17 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "EADM" = EA Download Manager "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FEXtraderPro" = FEXtrader Pro "Free Screen To Video_is1" = Free Screen To Video V 1.2 "GCH Guitar academy" = GCH Guitar academy "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.27022) "Hydrogen" = Hydrogen "ICQToolbar" = ICQ Toolbar "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "KLiteCodecPack_is1" = K-Lite Codec Pack 5.5.1 (Full) "LogMeIn Hamachi" = LogMeIn Hamachi "lufthansa.com_is1" = lufthansa.com 1.1 "Mafia II_is1" = Mafia II "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "Noble Casino" = Noble Casino "NSIS_doas" = Das große Oxford Wörterbuch "OpenAL" = OpenAL "Pflanzen gegen Zombies" = Pflanzen gegen Zombies "Pflanzen gegen Zombies Deluxe" = Pflanzen gegen Zombies Deluxe "PunkBusterSvc" = PunkBuster Services "QUICKfind" = QUICKfind server v1.1 "redflush" = Red Flush "Save Flash" = Save Flash 4.3 "Sniper Ghost Warrior Deutsch Patch 1.0" = Sniper Ghost Warrior Deutsch Patch 1.0 "Sniper Ghost Warrior_is1" = Sniper Ghost Warrior "Steam App 240" = Counter-Strike: Source "Steam App 320" = Half-Life 2: Deathmatch "Swiss Casino" = Swiss Casino "SYMplus Drehen deu" = SYMplus Drehen deu "TuneUp Utilities" = TuneUp Utilities "Two Worlds II" = Two Worlds II "UT2004" = Unreal Tournament 2004 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.0.5 "Webcam Simulator_is1" = Webcam Simulator 6.3 "WinLiveSuite" = Windows Live Essentials "Winload Toolbar" = Winload Toolbar "Worms Reloaded_is1" = Worms Reloaded "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "VirtuaGirl_is1" = VirtuaGirl Version 1.0.6.00 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
26.04.2011, 09:48 | #2 |
| Kazy Virus wieder einmal kann mir keiner helfen?? ich brauch meinen PC fürs mündliche abi ganz dringend
__________________ |
26.04.2011, 19:04 | #3 |
/// Malware-holic | Kazy Virus wieder einmal ja, wichtige dinge haben alle mit ihren pcs zu tun, zähl mal durch wie viele themen in den letzten tagen erstellt wurden und wie viele aktieve helfer wir haben, und dann überleg dir bitte noch mal ob es ok ist sich zu beschweren wenn man vllt mal nen tag oder mehr warten muss.
__________________wir haben nämlich auch ein privat leben, und machen das hier kostenlos und in unserer freizeit. bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ |
26.04.2011, 20:02 | #4 |
| Kazy Virus wieder einmal Nee ich wollte mich doch nicht beschweren!! Ich hatte Angst, dass ich vergessen werde .... Tut mir leid und danke nochmal für Hilfe!! hier der Log von Combofix: Combofix Logfile: Code:
ATTFilter ComboFix 11-04-24.04 - Amadeus 26.04.2011 20:49:04.1.4 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4095.3508 [GMT 2:00] ausgeführt von:: c:\users\Amadeus\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\install . . ((((((((((((((((((((((( Dateien erstellt von 2011-03-26 bis 2011-04-26 )))))))))))))))))))))))))))))) . . 2072-04-03 11:13 . 2008-03-21 12:46 607296 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll 2071-07-25 07:13 . 2006-11-21 18:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe 2011-04-26 18:54 . 2011-04-26 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-25 09:21 . 2011-04-25 09:21 -------- d-----w- c:\users\Amadeus\AppData\Roaming\Malwarebytes 2011-04-25 09:21 . 2011-04-25 09:21 -------- d-----w- c:\programdata\Malwarebytes 2011-04-25 09:21 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-04-25 09:21 . 2011-04-25 09:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-04-25 09:21 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-22 17:25 . 2011-04-23 10:17 -------- d-----w- c:\program files (x86)\Webcam Simulator 2011-04-22 17:25 . 2011-04-22 17:25 -------- d-----w- c:\program files (x86)\Common Files\wcs 2011-04-22 17:25 . 2004-03-08 22:00 152848 ----a-w- c:\windows\SysWow64\COMDLG32.OCX 2011-04-22 17:25 . 2011-04-22 17:25 -------- d-----w- c:\program files (x86)\Conduit 2011-04-22 17:25 . 2011-04-23 10:16 -------- d-----w- c:\program files (x86)\Winload 2011-04-22 17:25 . 2011-04-22 17:25 -------- d-----w- c:\users\Amadeus\AppData\Local\Conduit 2011-04-22 17:25 . 2011-04-23 10:16 -------- d-----w- c:\program files (x86)\Mein Gutscheincode Finder 2011-04-22 09:57 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35F59F72-E28A-4296-ACDB-1CD487AA62E8}\mpengine.dll 2011-04-19 17:00 . 2011-04-19 17:00 -------- d-----w- c:\users\Amadeus\AppData\Local\Netviewer 2011-04-19 15:04 . 2011-04-19 15:04 -------- d-----w- c:\program files (x86)\Microsoft 2011-04-19 15:04 . 2011-04-19 15:04 -------- d-----w- c:\program files (x86)\MSN Toolbar 2011-04-19 15:04 . 2011-04-19 15:04 -------- d-----w- c:\program files (x86)\Bing Bar Installer 2011-04-19 15:03 . 2011-04-19 15:03 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fb8826001cbfea209\InstallManager_WLE_WLE.exe 2011-04-19 15:03 . 2011-04-19 15:03 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f67e79c01cbfea208\MeshBetaRemover.exe 2011-04-18 10:08 . 2011-04-18 10:08 -------- d-----w- c:\program files (x86)\FXdirekt Bank AG 2011-04-12 17:46 . 2011-04-26 18:14 7 ----a-w- c:\windows\treeskp.sys 2011-04-12 17:46 . 2011-04-26 18:14 7 ----a-w- c:\windows\sbacknt.bin 2011-04-12 17:46 . 2011-04-12 17:46 -------- d-----w- c:\users\Amadeus\AppData\Local\vghd 2011-04-04 13:39 . 2011-04-04 13:42 -------- d-----w- c:\programdata\MGS 2011-04-04 13:39 . 2011-04-04 13:39 -------- d-----w- C:\Microgaming 2011-04-04 11:11 . 2011-04-04 11:51 -------- d-----w- C:\Casino 2011-04-02 11:54 . 2011-04-02 11:54 -------- d-----w- c:\users\Amadeus\AppData\Roaming\Apple Computer 2011-03-29 19:39 . 2011-03-29 19:41 -------- d-----w- c:\program files\Keller 2011-03-29 15:08 . 2011-03-29 19:31 -------- d-----w- c:\program files (x86)\KELLER 2011-03-29 15:08 . 1998-11-17 12:44 328704 ----a-w- c:\windows\IsUn0407.exe 2011-03-29 14:30 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys 2011-03-29 14:30 . 2011-03-29 14:30 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-09 15:49 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-02-19 06:37 . 2011-03-09 15:52 1135104 ----a-w- c:\windows\system32\FntCache.dll 2011-02-19 06:37 . 2011-03-09 15:52 1540608 ----a-w- c:\windows\system32\DWrite.dll 2011-02-19 06:36 . 2011-03-09 15:52 902656 ----a-w- c:\windows\system32\d2d1.dll 2011-02-19 05:32 . 2011-03-09 15:52 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-02-19 05:32 . 2011-03-09 15:52 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2011-02-02 16:11 . 2009-12-13 11:36 270720 ------w- c:\windows\system32\MpSigStub.exe 2005-06-27 15:20 . 2010-01-18 09:42 199394291 ----a-w- c:\program files (x86)\Worms World Party.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWinl.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}] 2011-04-14 04:37 252832 ----a-w- c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 15:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}] 2011-01-17 15:54 175912 ----a-w- c:\program files (x86)\Winload\prxtbWinl.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWinl.dll" [2011-01-17 175912] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EA Core"="c:\program files (x86)\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336] "ICQ"="c:\program files (x86)\ICQ7.4\ICQ.exe" [2011-03-01 119608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152] "Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728] . c:\users\Amadeus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DesktopVideoPlayer.lnk - c:\users\Amadeus\AppData\Local\vghd\bin\vghd.exe [2011-4-12 797184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s "ArcSoft Connection Service"=c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe "FixCamera"=c:\windows\FixCamera.exe "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "tsnpstd3"=c:\windows\tsnpstd3.exe "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start . R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368] R2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-12-09 1394504] R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x] R3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-12-14 16392] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - GDPkIcpt *Deregistered* - gdwfpcd . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}] 2011-04-14 04:37 296352 ----a-w- c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-16 7883296] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-16 1833504] "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2008-08-28 194560] "snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2965497 mLocal Page = c:\windows\SysWOW64\blank.htm IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe FF - ProfilePath - c:\users\Amadeus\AppData\Roaming\Mozilla\Firefox\Profiles\otd6gy6a.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Winload Customized Web Search FF - prefs.js: browser.startup.homepage - google.de FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q= FF - prefs.js: network.proxy.http - 82.206.129.160 FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.type - 2 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: lufthansa.com: {25b3130e-8513-41b6-8ea8-43dbc9cc0f12} - %profile%\extensions\{25b3130e-8513-41b6-8ea8-43dbc9cc0f12} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Winload Community Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - %profile%\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Mein Gutscheincode Finder: finder@meingutscheincode.de - c:\program files (x86)\Mein Gutscheincode Finder\Firefox FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: browser.blink_allowed - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-04-26 20:56:19 ComboFix-quarantined-files.txt 2011-04-26 18:56 . Vor Suchlauf: 25 Verzeichnis(se), 20.893.392.896 Bytes frei Nach Suchlauf: 28 Verzeichnis(se), 20.804.902.912 Bytes frei . - - End Of File - - 7BD1A9772FCA92A92F12540B8E4929E8 |
26.04.2011, 20:13 | #5 |
/// Malware-holic | Kazy Virus wieder einmal lade unhide: http://filepony.de/download-unhide/ doppelklicken, dateien werden sichtbar danach versuch mal Malwarebytes update und vollständigen scan
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
26.04.2011, 20:16 | #6 |
| Kazy Virus wieder einmal Unhide hab ich schon gemacht Malewarebyte kann ich nicht updaten da mein PC nur im abgesicherten Modus läuft .... Und da habe ich keine Internetverbindung |
26.04.2011, 20:41 | #7 |
/// Malware-holic | Kazy Virus wieder einmal machst du onlinebanking /einkäufe?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
26.04.2011, 20:45 | #8 |
| Kazy Virus wieder einmal onlinebanking jetzt nicht direkt aber Online Einkaufen schon warum? |
27.04.2011, 11:53 | #9 |
/// Malware-holic | Kazy Virus wieder einmal du hast eine malware die es auf solche daten abgesehen hatt, da wir nicht 100 %ig garantieren können das wir den pc sauber bekommen ist daten sichern formatieren neu aufsetzen angesagt. ich zeige dir wie man das system richtig absichert falls erwünscht
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
27.04.2011, 11:54 | #10 |
| Kazy Virus wieder einmal Natoll heißt formatieren usw.? Wie sicher ich denn meine Dateien am besten? Gruß |
27.04.2011, 12:00 | #11 |
| Kazy Virus wieder einmal Und gibt es wirklich keine Alternative?? |
27.04.2011, 12:04 | #12 |
/// Malware-holic | Kazy Virus wieder einmal naja, wäre es dier lieber wenn einer deine daten klaut und in deinem namen unfug betreibt? das kann böse enden. sichere alle dokumente bilder musik aus legalen quellen auf externe datenträger, meld dich wenn fertig
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
27.04.2011, 18:16 | #13 |
| Kazy Virus wieder einmal So bin fertig mit Sichern... Ich habe meinen PC erst seit einem Jahr und damals gabs nur ein Windows 7 Upgrade... kann ich damit denn einfach Formatieren? |
27.04.2011, 18:31 | #14 |
/// Malware-holic | Kazy Virus wieder einmal ist das ne cd?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
27.04.2011, 18:32 | #15 |
| Kazy Virus wieder einmal Jop wenn ich von der Boote hab ich nur die Option Windows 7 Installieren |
Themen zu Kazy Virus wieder einmal |
0x00000001, 7-zip, adblock, adware.casino, antivir, avgntflt.sys, avira, bho, c:\windows\system32\rundll32.exe, conduit, desktop, device driver, disabletaskmgr, error, explorer, firefox, flash player, format, grand theft auto, helper, hilfe!!, home, install.exe, location, logfile, mozilla, object, oldtimer, plug-in, port, realtek, registry, rundll, saver, scan, sched.exe, searchplugins, security, shell32.dll, shortcut, software, sptd.sys, start menu, system, syswow64, usb, virus, webcheck, winload toolbar |