| |
| |||||||
Log-Analyse und Auswertung: Kann Trojaner (Fake Polizeisperre) nicht entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
06.09.2011, 23:51
| #16 |
 |  Kann Trojaner (Fake Polizeisperre) nicht entfernen mhh... Ich glaube ich werds doch mal mit der Bereinigung versuchen. Ich arbeite so gut mit wies geht. Und wenn das dann wirklich nicht klappt lass ich windows neuinstallieren Und heißt das dann dass ich meine Zeit am PC allgemein einschränken soll während mein Rechner nicht clean ist? |
|
07.09.2011, 19:16
| #17 |
| /// Malwareteam   | Kann Trojaner (Fake Polizeisperre) nicht entfernenCombofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Lade ComboFix von einem dieser Download-Spiegel herunter: BleepingComputer - ForoSpyware * Wichtig !! Speichere ComboFix auf dem Desktop
 Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:  Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren. Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei. |
|
07.09.2011, 21:07
| #18 |
| | Kann Trojaner (Fake Polizeisperre) nicht entfernen Combofix Logfile:
__________________Code:
ATTFilter ComboFix 11-09-07.04 - Anna 07.09.2011 21:46:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2814.1865 [GMT 2:00]
ausgeführt von:: c:\users\Anna\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.6\config.ini
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Mozilla Firefox\extensions\dealio@mybrowserbar.com
c:\program files\Search Settings
c:\users\Anna\AppData\Local\{FFCD57C0-B44A-4B84-8EA2-37E605C61634}
c:\users\Anna\AppData\Local\{FFCD57C0-B44A-4B84-8EA2-37E605C61634}\chrome.manifest
c:\users\Anna\AppData\Local\{FFCD57C0-B44A-4B84-8EA2-37E605C61634}\chrome\content\_cfg.js
c:\users\Anna\AppData\Local\{FFCD57C0-B44A-4B84-8EA2-37E605C61634}\chrome\content\overlay.xul
c:\users\Anna\AppData\Local\{FFCD57C0-B44A-4B84-8EA2-37E605C61634}\install.rdf
c:\users\Anna\AppData\Roaming\.#
c:\users\Anna\AppData\Roaming\.#\MBX@1850@362990.###
c:\users\Anna\AppData\Roaming\.#\MBX@1850@3629C0.###
c:\users\Anna\AppData\Roaming\.#\MBX@1850@3629F0.###
c:\users\Anna\AppData\Roaming\Adobe\plugs
c:\users\Anna\AppData\Roaming\Adobe\shed
c:\windows\system32\Dll.dll
c:\windows\system32\shimg.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-08-07 bis 2011-09-07 ))))))))))))))))))))))))))))))
.
.
2011-09-07 19:51 . 2011-09-07 19:53 -------- d-----w- c:\users\Anna\AppData\Local\temp
2011-09-07 19:51 . 2011-09-07 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-06 22:46 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C2FCF24-EE0E-4FE5-92A4-440304829D7D}\mpengine.dll
2011-08-26 12:07 . 2011-08-26 12:07 -------- d-----w- c:\program files\Activision
2011-08-24 21:26 . 2011-08-28 17:34 -------- d-----w- c:\program files\Application Updater
2011-08-24 21:26 . 2011-08-24 21:26 -------- d-----w- c:\program files\Common Files\Spigot
2011-08-22 18:05 . 2011-08-22 18:58 -------- d-----w- c:\program files\ICQ7.5
2011-08-19 21:05 . 2011-08-19 21:15 -------- d-----w- c:\program files\osu!
2011-08-09 20:36 . 2011-07-06 14:56 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-24 09:20 . 2011-07-24 09:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 17:52 . 2011-03-14 15:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-03-14 15:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\Softonic_Deutsch\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-20 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"MacrokeyManager"="WTMKM.exe" [2009-12-22 5873384]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-08-17 534880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-1-1 113664]
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2009-3-24 1085440]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2011\mshaktuell.exe [2011-3-20 1199400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-16 3453712]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 Wpssmbusi;Wpssmbusi; [x]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2009-11-26 515816]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-09-24 464384]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-22 43552]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 14:25]
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 14:25]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-585210845-3960999194-72264236-1000Core.job
- c:\users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 20:36]
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-585210845-3960999194-72264236-1000UA.job
- c:\users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 20:36]
.
2011-08-30 c:\windows\Tasks\Norton Security Scan for Anna.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-07 00:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: Free YouTube Download - c:\users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: baur.de\vpn-portal1
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5vfijvzh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft Choice Guard: ChoiceGuard@Microsoft - %profile%\extensions\ChoiceGuard@Microsoft
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Softonic Deutsch Toolbar: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - %profile%\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-585210845-3960999194-72264236-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b2,ca,7b,5a,42,a8,fa,2f,2c,4f,24,11,42,19,1e,ea,a2,72,c9,58,9b,67,4c,
52,93,89,a6,58,aa,83,2d,e9,6a,4b,a4,a5,0f,02,9f,40,6b,bf,22,37,fa,f1,de,73,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-585210845-3960999194-72264236-1000\Software\SecuROM\License information*]
"datasecu"=hex:aa,b4,35,57,2e,ec,41,0a,64,39,a1,f4,ef,85,37,35,ab,98,7d,1e,79,
95,bd,ef,fc,c4,02,ea,1c,4f,0d,31,95,f6,30,1c,98,ae,ae,db,da,61,d9,07,f3,e0,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(824)
c:\windows\system32\NVSVC.DLL
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-07 21:58:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-09-07 19:57
.
Vor Suchlauf: 12 Verzeichnis(se), 164.304.719.872 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 166.223.970.304 Bytes frei
.
- - End Of File - - FD4B1E7A2F5E8E295C431F20FE882A16
|
|
07.09.2011, 21:37
| #19 |
| /// Malwareteam | Kann Trojaner (Fake Polizeisperre) nicht entfernen Hinweis für Mitleser: Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter: BleepingComputer.com - ForoSpyware.comund speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)! Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument. Code:
ATTFilter Driver::
Wpssmbus
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
Folder::
c:\program files\Common Files\Spigot\Search Settings
Wichtig:
|
|
08.09.2011, 14:37
| #20 |
| | Kann Trojaner (Fake Polizeisperre) nicht entfernen Combofix Logfile: Code:
ATTFilter ComboFix 11-09-08.03 - Anna 08.09.2011 15:25:13.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2814.1812 [GMT 2:00]
ausgeführt von:: c:\users\Anna\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Anna\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot\Search Settings
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-08-08 bis 2011-09-08 ))))))))))))))))))))))))))))))
.
.
2011-09-08 13:30 . 2011-09-08 13:30 -------- d-----w- c:\users\Anna\AppData\Local\temp
2011-09-08 13:30 . 2011-09-08 13:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-06 22:46 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C2FCF24-EE0E-4FE5-92A4-440304829D7D}\mpengine.dll
2011-08-26 12:07 . 2011-08-26 12:07 -------- d-----w- c:\program files\Activision
2011-08-24 21:26 . 2011-09-08 13:30 -------- d-----w- c:\program files\Common Files\Spigot
2011-08-24 21:26 . 2011-08-28 17:34 -------- d-----w- c:\program files\Application Updater
2011-08-22 18:05 . 2011-08-22 18:58 -------- d-----w- c:\program files\ICQ7.5
2011-08-19 21:05 . 2011-08-19 21:15 -------- d-----w- c:\program files\osu!
2011-08-09 20:36 . 2011-07-06 14:56 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-24 09:20 . 2011-07-24 09:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 17:52 . 2011-03-14 15:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-03-14 15:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\Softonic_Deutsch\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-20 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"MacrokeyManager"="WTMKM.exe" [2009-12-22 5873384]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-1-1 113664]
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2009-3-24 1085440]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2011\mshaktuell.exe [2011-3-20 1199400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-16 3453712]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 Wpssmbusi;Wpssmbusi; [x]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2009-11-26 515816]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-09-24 464384]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-22 43552]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 14:25]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 14:25]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-585210845-3960999194-72264236-1000Core.job
- c:\users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 20:36]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-585210845-3960999194-72264236-1000UA.job
- c:\users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 20:36]
.
2011-08-30 c:\windows\Tasks\Norton Security Scan for Anna.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-07 00:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: Free YouTube Download - c:\users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: baur.de\vpn-portal1
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5vfijvzh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft Choice Guard: ChoiceGuard@Microsoft - %profile%\extensions\ChoiceGuard@Microsoft
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Softonic Deutsch Toolbar: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - %profile%\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-09-08 15:30
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-585210845-3960999194-72264236-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b2,ca,7b,5a,42,a8,fa,2f,2c,4f,24,11,42,19,1e,ea,a2,72,c9,58,9b,67,4c,
52,93,89,a6,58,aa,83,2d,e9,6a,4b,a4,a5,0f,02,9f,40,6b,bf,22,37,fa,f1,de,73,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-585210845-3960999194-72264236-1000\Software\SecuROM\License information*]
"datasecu"=hex:aa,b4,35,57,2e,ec,41,0a,64,39,a1,f4,ef,85,37,35,ab,98,7d,1e,79,
95,bd,ef,fc,c4,02,ea,1c,4f,0d,31,95,f6,30,1c,98,ae,ae,db,da,61,d9,07,f3,e0,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
Zeit der Fertigstellung: 2011-09-08 15:32:08
ComboFix-quarantined-files.txt 2011-09-08 13:32
ComboFix2.txt 2011-09-07 19:58
.
Vor Suchlauf: 14 Verzeichnis(se), 165.458.796.544 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 165.426.057.216 Bytes frei
.
- - End Of File - - 2224E19362FB6B79DFF37E5183C162EA
|
|
08.09.2011, 14:53
| #21 |
| /// Malwareteam | Kann Trojaner (Fake Polizeisperre) nicht entfernen Wie läufts? |
|
09.09.2011, 21:06
| #22 |
| | Kann Trojaner (Fake Polizeisperre) nicht entfernen Was meinst du mit 'wie läufts' genau? o_o |
|
09.09.2011, 21:41
| #23 |
| /// Malwareteam | Kann Trojaner (Fake Polizeisperre) nicht entfernen Bestehen noch Probleme? |
|
09.09.2011, 23:16
| #24 |
| | Kann Trojaner (Fake Polizeisperre) nicht entfernen Also im Moment hab ich keine Probleme oder irgendwelche BEschwerden. Läuft eigentlich wie sonst. Die lästige Bildschirmsperre war aber schon seit dem Scan mit Malwarebytes nicht mehr da |
|
11.09.2011, 23:23
| #25 |
| /// Malwareteam | Kann Trojaner (Fake Polizeisperre) nicht entfernen Melde mich Morgen, sorry. |
|
12.09.2011, 17:53
| #26 |
| /// Malwareteam | Kann Trojaner (Fake Polizeisperre) nicht entfernenESET Online Scanner
|
|
12.09.2011, 20:09
| #27 |
| | Kann Trojaner (Fake Polizeisperre) nicht entfernen ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=7d88bdc83334b944bc2f85b86e202477 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-09-12 07:04:50 # local_time=2011-09-12 09:04:50 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=5892 16776573 100 100 249247 153380873 0 0 # compatibility_mode=8192 67108863 100 0 103 103 0 0 # scanned=208990 # found=12 # cleaned=0 # scan_time=6145 C:\ProgramData\ReviverSoft\Registry Reviver\InstallCache\{05B64610-ED45-40AC-89A3-507F6B6A25B9}\Registry Reviver.msi a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe.vir a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Windows\System32\Dll.dll.vir Win32/Lukicsel.O trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\All Users\ReviverSoft\Registry Reviver\InstallCache\{05B64610-ED45-40AC-89A3-507F6B6A25B9}\Registry Reviver.msi a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I C:\Users\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\772e029f-544cdcab Java/Agent.DD trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\64522ca3-2e82c995 Java/Agent.DD trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4a911966-7eb39e68 Java/Agent.DI trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\6ac5daea-287be628 Java/Agent.DJ trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\67a705ec-6b99d381 a variant of Java/Agent.DI trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Anna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2a7a4a87-7f4f2843 Java/Agent.DE trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Anna\AppData\Roaming\7A1C8C3CD8C2AA8F21F011CE50CE4D51\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I C:\Users\Anna\AppData\Roaming\7A1C8C3CD8C2AA8F21F011CE50CE4D51\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I |
|
12.09.2011, 20:50
| #28 |
| /// Malwareteam | Kann Trojaner (Fake Polizeisperre) nicht entfernen Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
|
|
13.09.2011, 11:22
| #29 |
| | Kann Trojaner (Fake Polizeisperre) nicht entfernen Es hat wieder nur eine OTL.txt erstelt und keine Extra.txt erstelltOTL Logfile: Code:
ATTFilter OTL logfile created on: 13.09.2011 12:12:46 - Run 3 OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Anna\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 63,54% Memory free 5,71 Gb Paging File | 4,59 Gb Available in Paging File | 80,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,19 Gb Total Space | 153,64 Gb Free Space | 53,31% Space Free | Partition Type: NTFS Drive D: | 291,98 Gb Total Space | 291,70 Gb Free Space | 99,91% Space Free | Partition Type: NTFS Computer Name: ANNA-PC | User Name: Anna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Anna\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Windows\System32\WTMKM.exe () PRC - C:\Windows\System32\atwtusb.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Acer\Empowering Technology\SysMonitor.exe () PRC - C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe () PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Program Files\Hama\Common\RaUI.exe (Hama GmbH & Co KG) PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll () MOD - C:\Program Files\WinRAR\RarExt.dll () MOD - C:\Windows\System32\WTMKM.exe () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3008.0__739b31b1908c49e5\Framework.UIComponent.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3008.0__4df5dcab8860d239\Framework.Utility.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3008.0__9ecdf03bb2054f94\Framework.PluginInterface.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3008.0__3036420f80dd6947\Framework.Library.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3008.0__672b450de5a7e94a\Framework.Host.dll () MOD - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll () MOD - C:\Program Files\Acer\Empowering Technology\SysMonitor.exe () MOD - C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe () MOD - C:\Program Files\Acer\Empowering Technology\Framework.Presenter.dll () MOD - C:\Program Files\Acer\Empowering Technology\de\Framework.AppBar.resources.dll () MOD - C:\Program Files\Acer\Empowering Technology\Framework.AppBar.dll () MOD - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll () MOD - C:\Windows\System32\ATWTINK.DLL () ========== Win32 Services (SafeList) ========== SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe () SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (WTService) -- C:\Windows\System32\atwtusb.exe () SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (vhidmini) -- C:\Windows\System32\drivers\walvhid.sys (Windows (R) Win 7 DDK provider) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Windows (R) Codename Longhorn DDK provider) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKLM\..\URLSearchHook: - Reg Error: CLSID key missing. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: CLSID key missing. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: ChoiceGuard@Microsoft:2.0 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.6 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.2.0 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anna\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anna\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.21 16:46:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.28 20:24:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.25 12:18:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FFCD57C0-B44A-4B84-8EA2-37E605C61634}: C:\Users\Anna\AppData\Local\{FFCD57C0-B44A-4B84-8EA2-37E605C61634}\ [2009.06.07 18:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions [2011.09.12 11:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\5vfijvzh.default\extensions [2010.05.30 12:52:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\5vfijvzh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.20 15:16:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\5vfijvzh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.05.30 12:52:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\5vfijvzh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.08.22 20:06:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\5vfijvzh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.22 19:48:11 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\5vfijvzh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.05.23 15:11:50 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\5vfijvzh.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2010.07.10 23:43:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\5vfijvzh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.02.16 21:35:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\5vfijvzh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.05.30 12:52:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\5vfijvzh.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.08.17 17:13:43 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\5vfijvzh.default\extensions\ChoiceGuard@Microsoft [2011.02.16 21:35:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\5vfijvzh.default\extensions\engine@conduit.com [2010.08.18 14:43:49 | 000,001,819 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5vfijvzh.default\searchplugins\bing.xml [2010.08.05 21:33:12 | 000,000,935 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5vfijvzh.default\searchplugins\conduit.xml [2011.09.06 15:55:11 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5vfijvzh.default\searchplugins\icqplugin-1.xml [2010.04.03 00:19:52 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5vfijvzh.default\searchplugins\icqplugin-2.xml [2010.04.12 18:09:16 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5vfijvzh.default\searchplugins\icqplugin-3.xml [2010.06.28 17:07:15 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5vfijvzh.default\searchplugins\icqplugin-4.xml [2010.07.04 16:44:56 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5vfijvzh.default\searchplugins\icqplugin-5.xml [2010.12.13 19:34:10 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5vfijvzh.default\searchplugins\icqplugin-6.xml [2011.02.11 15:06:01 | 000,000,950 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5vfijvzh.default\searchplugins\icqplugin-7.xml [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5vfijvzh.default\searchplugins\icqplugin.xml [2009.06.08 11:11:20 | 000,009,941 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5vfijvzh.default\searchplugins\mywebsearch.xml [2011.09.07 21:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.01.03 18:33:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.07.07 16:16:58 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.08.24 23:26:35 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM [2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml [2009.04.07 14:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober1839111.gif [2009.10.24 18:50:17 | 000,000,205 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober1839111.src O1 HOSTS File: ([2011.09.08 15:30:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\System32\WTMKM.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: baur.de ([vpn-portal1] https in Trusted sites) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn-portal1.baur.de/XTSAC.cab (XTSAC Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B2886E0-CE4B-4FA5-A302-51852979DE2F}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73FE13E2-2B09-4858-8A15-FFE394A580CB}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76A701FF-9804-4FAC-A894-E60C1FC056DE}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9216AF5B-057F-4DF4-BD30-D3E76B29DEFD}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B40C8C4E-430D-4BD7-9019-59158541DFDD}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error. ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error. ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error. ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {80187717-780B-4EB0-BA5B-F4F51F2BD652} - Microsoft Windows Media Player 11.0 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.13 12:10:59 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe [2011.09.12 19:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.09.12 19:18:47 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Anna\Desktop\esetsmartinstaller_enu.exe [2011.09.08 15:32:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.09.08 15:32:10 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\temp [2011.09.08 15:23:19 | 000,000,000 | ---D | C] -- C:\ComboFix [2011.09.08 15:15:45 | 004,200,409 | R--- | C] (Swearware) -- C:\Users\Anna\Desktop\ComboFix.exe [2011.09.07 21:43:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.09.07 21:43:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.09.07 21:43:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.09.07 21:43:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.09.07 21:43:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.08.26 14:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vampire - The Masquerade Bloodlines [2011.08.26 14:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Activision [2011.08.24 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot [2011.08.24 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater [2011.08.22 20:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5 [2011.08.22 20:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.5 [2011.08.19 23:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! [2011.08.19 23:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\osu! [2003.03.02 00:26:05 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2011.09.13 12:11:13 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-585210845-3960999194-72264236-1000UA.job [2011.09.13 12:11:01 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe [2011.09.13 12:09:55 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.09.13 12:09:55 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.09.13 12:09:55 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.09.13 12:09:55 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.09.13 12:06:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.13 12:05:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.13 12:04:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.13 12:04:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.13 12:04:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.13 12:04:46 | 2951,143,424 | -HS- | M] () -- C:\hiberfil.sys [2011.09.12 19:18:49 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Anna\Desktop\esetsmartinstaller_enu.exe [2011.09.08 15:30:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.09.08 15:15:53 | 004,200,409 | R--- | M] (Swearware) -- C:\Users\Anna\Desktop\ComboFix.exe [2011.09.07 01:11:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-585210845-3960999194-72264236-1000Core.job [2011.09.03 16:44:05 | 000,005,527 | ---- | M] () -- C:\Users\Anna\.recently-used.xbel [2011.08.30 16:58:09 | 000,000,556 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Anna.job [2011.08.26 14:31:25 | 000,001,709 | ---- | M] () -- C:\Users\Public\Desktop\Vampire - The Masquerade Bloodlines.lnk [2011.08.26 14:31:02 | 000,000,292 | ---- | M] () -- C:\Windows\vtmb.ini [2011.08.24 00:36:31 | 000,001,155 | ---- | M] () -- C:\Users\Anna\Desktop\Free YouTube to MP3 Converter.lnk [2011.08.24 00:36:31 | 000,000,996 | ---- | M] () -- C:\Users\Anna\Desktop\DVDVideoSoft Free Studio.lnk [2011.08.22 20:06:38 | 000,001,573 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk [2011.08.19 23:05:57 | 000,000,730 | ---- | M] () -- C:\Users\Public\Desktop\osu!.lnk ========== Files Created - No Company Name ========== [2011.09.07 21:43:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.09.07 21:43:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.09.07 21:43:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.09.07 21:43:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.09.07 21:43:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.09.03 16:44:05 | 000,005,527 | ---- | C] () -- C:\Users\Anna\.recently-used.xbel [2011.09.01 01:57:38 | 2951,143,424 | -HS- | C] () -- C:\hiberfil.sys [2011.08.26 14:31:25 | 000,001,709 | ---- | C] () -- C:\Users\Public\Desktop\Vampire - The Masquerade Bloodlines.lnk [2011.08.26 14:31:02 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini [2011.08.24 00:36:31 | 000,001,155 | ---- | C] () -- C:\Users\Anna\Desktop\Free YouTube to MP3 Converter.lnk [2011.08.24 00:36:31 | 000,000,996 | ---- | C] () -- C:\Users\Anna\Desktop\DVDVideoSoft Free Studio.lnk [2011.08.23 01:23:19 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Download Manager.lnk [2011.08.22 20:06:38 | 000,001,573 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk [2011.08.19 23:05:57 | 000,000,730 | ---- | C] () -- C:\Users\Public\Desktop\osu!.lnk [2011.06.25 13:12:49 | 000,097,224 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.03.20 20:24:43 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini [2011.03.11 17:00:14 | 000,000,120 | ---- | C] () -- C:\Users\Anna\AppData\Local\Pneqewadage.dat [2011.03.11 17:00:14 | 000,000,000 | ---- | C] () -- C:\Users\Anna\AppData\Local\Itajapaximiba.bin [2011.01.12 15:20:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010.10.10 12:05:20 | 000,000,418 | ---- | C] () -- C:\Windows\wininit.ini [2010.08.29 21:12:55 | 000,000,990 | ---- | C] () -- C:\Users\Anna\AppData\Local\RT73_{B40C8C4E-430D-4BD7-9019-59158541DFDD}_wsc [2010.08.08 17:09:34 | 000,000,859 | ---- | C] () -- C:\Users\Anna\AppData\Local\RT73_{B40C8C4E-430D-4BD7-9019-59158541DFDD}_sta [2010.08.08 17:08:20 | 000,001,693 | ---- | C] () -- C:\Users\Anna\AppData\Local\RT73_{B40C8C4E-430D-4BD7-9019-59158541DFDD}_prof [2010.07.23 21:19:31 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2010.04.12 16:34:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.03.17 15:30:56 | 000,515,816 | ---- | C] () -- C:\Windows\System32\atwtusb.exe [2010.03.17 15:30:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\InstallService.exe [2010.03.17 15:30:55 | 005,873,384 | ---- | C] () -- C:\Windows\System32\WTMKM.exe [2010.03.17 15:30:55 | 000,151,272 | ---- | C] () -- C:\Windows\System32\Calibration.exe [2010.03.17 15:30:54 | 000,180,224 | ---- | C] () -- C:\Windows\System32\ATWTINK.DLL [2010.03.17 15:30:53 | 000,008,229 | ---- | C] () -- C:\Windows\aiptbl.ini [2010.03.12 16:00:24 | 000,000,105 | R--- | C] () -- C:\ProgramData\Ppster.ini [2010.03.10 18:10:42 | 000,010,251 | ---- | C] () -- C:\Windows\System32\Default_2.ini [2010.03.10 18:10:42 | 000,009,868 | ---- | C] () -- C:\Windows\System32\Default_1.ini [2010.03.10 18:10:42 | 000,000,677 | ---- | C] () -- C:\Windows\System32\MKProfile.ini [2009.06.02 12:24:10 | 000,000,680 | ---- | C] () -- C:\Users\Anna\AppData\Local\d3d9caps.dat [2009.04.06 17:59:04 | 000,008,192 | ---- | C] () -- C:\Users\Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.24 22:57:49 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.03.24 22:57:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.03.24 22:08:44 | 000,000,242 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\wklnhst.dat [2008.05.09 11:54:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.05.09 11:54:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.05.09 11:16:47 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.05.09 11:07:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.05.09 11:07:26 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.01.21 09:15:58 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,301,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003.03.02 00:26:06 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2003.03.02 00:26:05 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2003.03.02 00:26:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2003.03.02 00:26:04 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2003.03.02 00:26:04 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2011.03.15 15:53:54 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\7A1C8C3CD8C2AA8F21F011CE50CE4D51 [2008.05.09 11:28:28 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Acer GameZone Console [2011.07.28 18:57:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Audacity [2010.02.05 16:10:14 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Canon [2011.06.20 01:32:51 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Downloaded Installations [2011.08.24 00:41:48 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoft [2011.04.11 14:57:43 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.22 17:45:28 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\FreeAudioPack [2011.02.06 16:55:46 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\GetRightToGo [2011.09.03 16:41:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\gtk-2.0 [2011.09.13 12:11:21 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ICQ [2010.03.13 12:22:49 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Leadertech [2010.09.06 15:08:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Merscom [2009.04.17 15:51:42 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PlayFirst [2011.01.14 19:05:13 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\RenPy [2011.05.23 21:04:35 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Scribus [2010.04.05 19:25:13 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SPORE [2010.08.29 21:56:31 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SYSTEMAX Software Development [2009.04.20 17:07:44 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Template [2010.08.03 18:06:23 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\uTorrent [2011.09.12 21:10:51 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.09.08 15:32:12 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.04.17 20:24:27 | 000,000,000 | ---D | M] -- C:\ACER [2009.03.20 08:27:46 | 000,000,000 | ---D | M] -- C:\ACERSW [2008.05.09 11:55:59 | 000,000,000 | ---D | M] -- C:\Book [2008.05.09 04:42:57 | 000,000,000 | ---D | M] -- C:\Boot [2011.09.08 15:32:11 | 000,000,000 | ---D | M] -- C:\ComboFix [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.03.24 22:02:53 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.01.03 22:49:54 | 000,000,000 | ---D | M] -- C:\download games [2008.05.09 11:39:31 | 000,000,000 | R--D | M] -- C:\MSOCache [2009.04.08 18:09:47 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.09.12 19:20:42 | 000,000,000 | R--D | M] -- C:\Program Files [2011.05.12 16:37:54 | 000,000,000 | ---D | M] -- C:\ProgramData [2009.03.24 22:02:53 | 000,000,000 | -HSD | M] -- C:\Programme [2011.09.08 15:32:11 | 000,000,000 | ---D | M] -- C:\Qoobox [2011.09.13 12:15:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.06.11 07:55:48 | 000,000,000 | ---D | M] -- C:\TEMP [2011.06.25 11:21:01 | 000,000,000 | R--D | M] -- C:\Users [2011.09.08 15:30:49 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-09 20:08:22 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2B99FE60 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E36F5B57 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4CF61E54 < End of report > |
|
13.09.2011, 17:49
| #30 |
| /// Malwareteam | Kann Trojaner (Fake Polizeisperre) nicht entfernen Logfile ist sauber  Hier noch die letzten paar Schritte zur Säuberung Deines Rechners. Schritt 1 Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code:
ATTFilter Combofix /Uninstall
 Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt 2 Tool CleanUp Starte bitte die OTL.exe. Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen. Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren. Schritt 3 Automatische Updates Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten. Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl und klicke auf OK. Stelle sicher das die automatischen Updates aktiviert sind. Schritt 4 Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
Schritt 5 Tipps für sicheres Surfen Das sind meine Vorschläge. Verwende einen alternativen Browser statt den IE. Ich empfehle Mozilla Firefox. Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
Don'ts
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann. |
|
| Themen zu Kann Trojaner (Fake Polizeisperre) nicht entfernen |
| athlon, betriebssystem, brauche, build, device, entferne, entfernen, fake, fake sperre, home, kann nicht entfernt werden, malwarebytes, modus, physikalischer speicher, polizei, problem mit malwarebytes, processor, ram, scan, service, service pack 1, speicher, systeminformationen, troja, trojaner, verschwindet, virtueller, vollständige, windows |
Textbox.
Linear-Darstellung
