Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Schwarzer Desktop

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 19.03.2012, 18:37   #1
MartinR
 
Schwarzer Desktop - Standard

Schwarzer Desktop



Hallo NG,

mein PC hat auf einmal das Problem, das die Meldung kommt. Failed to save the components fot the file \\system32\00006449.

Ich habe einen Scan mit OTL und einen mit Malewarebytes gemacht. Hier der Inhalt der drei Dateien. Was kann ich machen?

OTL.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.03.2012 18:24:12 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\roling.GEO\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 73,20% Memory free
15,98 Gb Paging File | 13,11 Gb Available in Paging File | 82,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 2,38 Gb Free Space | 3,20% Space Free | Partition Type: NTFS
Drive E: | 111,00 Gb Total Space | 29,76 Gb Free Space | 26,81% Space Free | Partition Type: NTFS
Drive H: | 153,38 Gb Total Space | 40,03 Gb Free Space | 26,10% Space Free | Partition Type: NTFS
 
Computer Name: GM-ROLING | User Name: roling | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.19 18:09:51 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\roling.GEO\Downloads\OTL.exe
PRC - [2012.03.19 17:46:11 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.02.06 17:57:10 | 000,934,240 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.02.06 17:49:30 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.01 10:58:06 | 000,122,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsComProviderSvr.exe
PRC - [2011.01.27 16:51:04 | 002,253,688 | -H-- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.10.12 17:28:26 | 000,726,456 | -H-- | M] (Citrix Systems, Inc.) -- C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\wfcrun32.exe
PRC - [2010.10.12 17:24:38 | 000,304,568 | -H-- | M] (Citrix Systems, Inc.) -- C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\concentr.exe
PRC - [2010.09.08 09:31:40 | 000,886,512 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
PRC - [2010.09.08 08:45:24 | 000,387,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010.09.08 08:44:26 | 001,931,144 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
PRC - [2010.09.08 08:38:06 | 004,600,240 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
PRC - [2010.09.08 08:36:52 | 000,955,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
PRC - [2010.09.03 14:07:46 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.08.19 03:10:00 | 001,705,280 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2006.02.02 00:49:14 | 000,204,800 | ---- | M] () -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
PRC - [2006.02.02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.19 17:46:10 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.03.06 15:55:38 | 000,085,288 | -H-- | M] () -- C:\Users\roling.GEO\AppData\Roaming\Mozilla\Firefox\Profiles\uqkop9tv.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}\components\RadioWMPCoreGecko11.dll
MOD - [2012.02.23 12:37:50 | 001,925,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b6139cfbdbdc57c3ff421204292f4041\System.Web.Services.ni.dll
MOD - [2012.02.23 12:37:13 | 000,381,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\7e5e3868644fb0d43e06669eb81b102c\Microsoft.TeamFoundation.VersionControl.Common.ni.dll
MOD - [2012.02.23 12:37:09 | 001,249,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\9a8f24b79685c4277bf94a9733fb5ee5\Microsoft.TeamFoundation.Common.ni.dll
MOD - [2012.02.23 12:37:07 | 001,530,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.TeamFound#\076512600a445b70f51713d3e8ba3cb7\Microsoft.TeamFoundation.ni.dll
MOD - [2012.02.21 18:11:46 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MOD - [2012.02.21 18:11:45 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll
MOD - [2012.02.21 18:11:43 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012.02.21 18:11:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012.02.21 18:11:38 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll
MOD - [2012.02.21 18:11:36 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012.02.21 18:11:32 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2011.03.01 11:01:48 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\x86\TfsComProviderStub.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012.02.06 17:49:30 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.01.27 16:51:04 | 002,253,688 | -H-- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.11.20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.09.08 08:45:36 | 001,084,320 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.09.08 08:44:26 | 001,931,144 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe -- (AcronisAgent)
SRV - [2010.09.08 08:38:06 | 004,600,240 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe -- (MMS)
SRV - [2010.09.03 14:07:46 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.31 07:01:40 | 000,229,376 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oracle\11.2.0\client_2\bin\CMGW.EXE -- (OracleOraClient11g_home2CMan)
SRV - [2010.03.31 07:01:30 | 000,745,472 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oracle\11.2.0\client_2\bin\CMADMIN.EXE -- (OracleOraClient11g_home2CMAdmin)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.19 03:10:00 | 001,705,280 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.02.02 00:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006.02.02 00:49:14 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006.02.02 00:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2006.02.02 00:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006.02.02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.17 17:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.21 10:03:01 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.09.21 09:59:13 | 000,278,112 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010.07.14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009.09.17 19:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 33 D8 EC 23 57 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\5.0\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {85C5EF5F-94A4-4014-81F5-376B4F6F8CBC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{42A49609-C0FD-4150-9B29-7BE20C066658}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{85C5EF5F-94A4-4014-81F5-376B4F6F8CBC}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{8B87A6DA-0979-492A-B074-FE978878BFB4}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{E5F9DBB2-17CC-4082-8174-AB2106937A19}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=867034&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 17:46:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.12 07:54:36 | 000,000,000 | ---D | M]
 
[2010.07.02 06:35:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\roling.GEO\AppData\Roaming\mozilla\Extensions
[2012.03.16 08:08:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\roling.GEO\AppData\Roaming\mozilla\Firefox\Profiles\uqkop9tv.default\extensions
[2012.03.07 07:44:44 | 000,000,000 | -H-D | M] (Bigpoint Games DE Community Toolbar) -- C:\Users\roling.GEO\AppData\Roaming\mozilla\Firefox\Profiles\uqkop9tv.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}
[2011.03.07 14:11:47 | 000,000,000 | -H-D | M] (Bundeskampf Toolbar) -- C:\Users\roling.GEO\AppData\Roaming\mozilla\Firefox\Profiles\uqkop9tv.default\extensions\bundeskampftoolbar@spielwerk.gmbh
[2011.03.24 16:40:52 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\roling.GEO\AppData\Roaming\mozilla\Firefox\Profiles\uqkop9tv.default\extensions\engine@conduit.com
[2012.01.09 07:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.19 17:46:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.10.12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010.10.12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010.10.12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010.10.12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010.10.12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012.02.07 07:50:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.07 07:50:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.07 07:50:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.07 07:50:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.07 07:50:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.07 07:50:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\5.0\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\5.0\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Bundeskampf) - {16487639-F41C-421C-B909-BC7E01937C7D} - C:\PROGRA~2\BUNDES~1\BUNDES~1.DLL (Spielwerk)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [BackupAndRecoveryMonitor.exe] C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe (Acronis)
O4 - HKLM..\Run: [ConnectionCenter] C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TrayMonitor.exe] C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe (Acronis)
O4 - Startup: C:\Users\roling.GEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\roling.GEO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\roling.GEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyTime.lnk = C:\tools\MyTime\MyTime.exe (Geomapping GmbH)
O4 - Startup: C:\Users\roling.GEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\roling.GEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.230 217.237.148.70 217.237.150.115 217.237.149.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = geo.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D39079C9-1FED-498E-BDD6-EEE27FDCCFD4}: DhcpNameServer = 192.168.100.230 217.237.148.70 217.237.150.115 217.237.149.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D39079C9-1FED-498E-BDD6-EEE27FDCCFD4}: NameServer = 192.168.100.230,8.8.8.8
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\roling.GEO\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.19 18:01:28 | 000,000,000 | ---D | C] -- C:\Users\roling.GEO\AppData\Roaming\Malwarebytes
[2012.03.19 18:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.19 18:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.19 18:01:13 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.19 18:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.19 17:21:33 | 000,000,000 | -H-D | C] -- C:\Users\roling.GEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.14 18:10:13 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.14 18:10:13 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.14 18:10:12 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.14 07:25:40 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 07:25:07 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.14 07:25:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.14 07:25:07 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.14 07:24:58 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.14 07:24:57 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.02.20 15:29:53 | 000,000,000 | -H-D | C] -- C:\Users\roling.GEO\Documents\BASF
[2012.02.20 07:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.02.20 07:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.02.20 07:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dealio Toolbar
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.19 18:22:06 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 18:22:06 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 18:14:28 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.19 18:14:23 | 000,000,432 | -H-- | M] () -- C:\Windows\BRWMARK.INI
[2012.03.19 18:13:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.19 18:13:49 | 2140,442,623 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.19 18:03:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.19 18:01:18 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.19 17:23:15 | 000,000,456 | -H-- | M] () -- C:\ProgramData\JKQkOiWUmen8jV
[2012.03.19 17:21:34 | 000,000,653 | -H-- | M] () -- C:\Users\roling.GEO\Desktop\System Check.lnk
[2012.03.19 17:21:34 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~JKQkOiWUmen8jV
[2012.03.19 17:21:34 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~JKQkOiWUmen8jVr
[2012.03.19 17:21:23 | 000,353,792 | -H-- | M] () -- C:\ProgramData\JKQkOiWUmen8jV.exe
[2012.03.19 09:39:19 | 001,777,726 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.19 09:39:19 | 000,761,294 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.19 09:39:19 | 000,705,014 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.19 09:39:19 | 000,174,806 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.19 09:39:19 | 000,141,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.19 09:39:01 | 000,001,647 | -H-- | M] () -- C:\Users\roling.GEO\2-1359952.WibuCmRaC
[2012.03.16 09:05:24 | 000,001,016 | -H-- | M] () -- C:\Users\roling.GEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.03.16 09:05:00 | 000,000,994 | -H-- | M] () -- C:\Users\roling.GEO\Desktop\Dropbox.lnk
[2012.03.15 08:00:56 | 000,446,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.09 09:31:05 | 000,026,156 | -H-- | M] () -- C:\Users\roling.GEO\.recently-used.xbel
[2012.03.06 11:19:29 | 000,007,485 | -H-- | M] () -- C:\Users\roling.GEO\Documents\ibburg.lsd
[2012.02.22 07:38:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.02.21 18:14:09 | 001,758,428 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2012.03.19 18:01:18 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.19 17:21:34 | 000,000,653 | -H-- | C] () -- C:\Users\roling.GEO\Desktop\System Check.lnk
[2012.03.19 17:21:34 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~JKQkOiWUmen8jV
[2012.03.19 17:21:34 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~JKQkOiWUmen8jVr
[2012.03.19 17:21:28 | 000,000,456 | -H-- | C] () -- C:\ProgramData\JKQkOiWUmen8jV
[2012.03.19 17:21:23 | 000,353,792 | -H-- | C] () -- C:\ProgramData\JKQkOiWUmen8jV.exe
[2012.03.19 09:39:01 | 000,001,647 | -H-- | C] () -- C:\Users\roling.GEO\2-1359952.WibuCmRaC
[2012.03.09 09:31:05 | 000,026,156 | -H-- | C] () -- C:\Users\roling.GEO\.recently-used.xbel
[2012.03.06 11:19:29 | 000,007,485 | -H-- | C] () -- C:\Users\roling.GEO\Documents\ibburg.lsd
[2012.02.15 09:32:50 | 000,005,632 | -H-- | C] () -- C:\Users\roling.GEO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.31 14:07:36 | 000,229,428 | ---- | C] () -- C:\Windows\SysWow64\pmtols.dll
[2011.08.25 16:31:43 | 000,007,602 | -H-- | C] () -- C:\Users\roling.GEO\AppData\Local\Resmon.ResmonCfg
[2011.02.10 10:24:33 | 034,593,359 | -H-- | C] () -- C:\ProgramData\Projects.zip
 
< End of report >
         
--- --- ---



Log Datei von Malewarebytes:

(mbam-log-2012-03-19 (18-02-02).txt

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
roling :: GM-ROLING [Administrator]

Schutz: Aktiviert

19.03.2012 18:02:02
mbam-log-2012-03-19 (18-02-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 304433
Laufzeit: 10 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\hVcFymSUOVmBXKV.exe (Rogue.FakeHDD) -> 2688 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|hVcFymSUOVmBXKV.exe (Rogue.FakeHDD) -> Daten: C:\ProgramData\hVcFymSUOVmBXKV.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\hVcFymSUOVmBXKV.exe (Rogue.FakeHDD) -> Löschen bei Neustart.

(Ende)



protection-log-2012-03-19.txt

2012/03/19 18:01:57 +0100 GM-ROLING roling MESSAGE Starting protection
2012/03/19 18:01:57 +0100 GM-ROLING roling MESSAGE Executing scheduled update: Daily
2012/03/19 18:01:57 +0100 GM-ROLING roling MESSAGE Database already up-to-date
2012/03/19 18:01:58 +0100 GM-ROLING roling MESSAGE Protection started successfully
2012/03/19 18:02:01 +0100 GM-ROLING roling MESSAGE Starting IP protection
2012/03/19 18:02:02 +0100 GM-ROLING roling MESSAGE IP Protection started successfully
2012/03/19 18:13:05 +0100 GM-ROLING (null) IP-BLOCK 217.23.9.189 (Type: outgoing, Port: 49246, Process: jkqkoiwumen8jv.exe)
2012/03/19 18:13:05 +0100 GM-ROLING (null) IP-BLOCK 141.136.16.61 (Type: outgoing, Port: 49247, Process: jkqkoiwumen8jv.exe)
2012/03/19 18:14:53 +0100 GM-ROLING roling MESSAGE Starting protection
2012/03/19 18:14:59 +0100 GM-ROLING roling MESSAGE Protection started successfully
2012/03/19 18:15:02 +0100 GM-ROLING roling MESSAGE Starting IP protection
2012/03/19 18:15:03 +0100 GM-ROLING roling MESSAGE IP Protection started successfully

Alt 20.03.2012, 10:31   #2
MartinR
 
Schwarzer Desktop - Standard

Schwarzer Desktop



Hallo NG,

ich habe den kompletten Rechner wieder mit einer alten Sicherung hergestellt und ihn so wieder zum korrekten laufen bekommen.

Danke an Alle die sich bereits mit meinem Problem befaßt haben.

Es ist also keine weitere Bearbeitung von nöten.

Danke und schöne Grüße

Martin
__________________


Antwort

Themen zu Schwarzer Desktop
adobe, autorun, bho, bonjour, conduit, dateisystem, desktop, error, explorer, failed, file, firefox, format, google earth, heuristiks/extra, heuristiks/shuriken, home, ip-block, langs, logfile, löschen, microsoft security, mozilla, problem, programme, realtek, registry, scan, searchscopes, security, server, software, system, vdeck.exe, version=1.0, visual studio, windows



Ähnliche Themen: Schwarzer Desktop


  1. Schwarzer Desktop / GVU-Trojaner
    Log-Analyse und Auswertung - 20.11.2013 (15)
  2. Schwarzer Desktop / GVU-Trojaner
    Log-Analyse und Auswertung - 20.08.2013 (15)
  3. Schwarzer Desktop / GVU-Trojaner - explorer.exe gelöscht
    Log-Analyse und Auswertung - 02.08.2013 (12)
  4. schwarzer desktop und alle datein + programme verschwunden
    Log-Analyse und Auswertung - 07.10.2012 (26)
  5. Schwarzer Desktop - Backdoor.Agent.RCGen
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (13)
  6. Smart HDD Virus, Schwarzer Desktop / Bitte um Hilfe bei der Entfernung
    Plagegeister aller Art und deren Bekämpfung - 15.04.2012 (28)
  7. Schwarzer Desktop, verschwundene Dateien & Programme
    Log-Analyse und Auswertung - 09.02.2012 (8)
  8. Schwarzer Desktop und benutzer daten nicht sichtbar
    Log-Analyse und Auswertung - 06.02.2012 (6)
  9. GEMA-Trojaner schwarzer Desktop OTLPE out of memory
    Plagegeister aller Art und deren Bekämpfung - 11.12.2011 (3)
  10. Security Center Virus, schwarzer Desktop, versteckte Dateien
    Log-Analyse und Auswertung - 22.11.2011 (51)
  11. Schwarzer Desktop wegen Windows XP Repair
    Plagegeister aller Art und deren Bekämpfung - 25.07.2011 (1)
  12. TR/Fakealert.OV; Festplatte angeblich defekt; Schwarzer Desktop
    Log-Analyse und Auswertung - 01.07.2011 (16)
  13. Windows XP recovery, Festplatte defekt, schwarzer Desktop
    Plagegeister aller Art und deren Bekämpfung - 12.06.2011 (2)
  14. Schwarzer Bildschirm, Desktop nicht sichtbar
    Log-Analyse und Auswertung - 10.06.2011 (1)
  15. Nach Virenscann schwarzer Bildschirm (desktop.ini)
    Plagegeister aller Art und deren Bekämpfung - 05.06.2011 (11)
  16. logfile - schwarzer desktop
    Log-Analyse und Auswertung - 26.12.2005 (16)
  17. Trojaner Schwarzer Desktop
    Log-Analyse und Auswertung - 23.07.2005 (0)

Zum Thema Schwarzer Desktop - Hallo NG, mein PC hat auf einmal das Problem, das die Meldung kommt. Failed to save the components fot the file \\system32\00006449. Ich habe einen Scan mit OTL und einen - Schwarzer Desktop...
Archiv
Du betrachtest: Schwarzer Desktop auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.