Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: bundespolizeivirus (+bild +verhalten)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.09.2012, 15:01   #1
bboy
 
bundespolizeivirus (+bild +verhalten) - Standard

bundespolizeivirus (+bild +verhalten)



hallo zusammen,
problem schaut so aus: hxxp://imageshack.us/photo/my-images/15/imag0895x.jpg/
leider überhitzt der rechner zuverlässig bei zu langer arbeit. (backup)

hab dateien gefunden die nach infektion erstellt worden, aber das bringt mich nicht weiter. (nicht nachmachen) ein umbenennen hatte zur folge das ich ca. eine min zugriff aufn desktop hatte und dann wieder virusscreen.

./Users/***/AppData/Local/Temp/***.bmp <- scheint n exploit für das userbild im login zu sein.
./Users/***/AppData/Local/Temp/tmpc1a30046/GX24_15.exe
./Users/***/AppData/Local/Temp/tmpf0f0bd35.bat <- leer
./Users/***/AppData/Local/Temp/tmpTujP.dat <- virusscreen

otl.txt
Code:
ATTFilter
OTL logfile created on: 9/12/2012 3:48:59 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 24.41 Gb Free Space | 8.47% Space Free | Partition Type: NTFS
Drive X: | 3.77 Gb Total Space | 3.13 Gb Free Space | 83.20% Space Free | Partition Type: FAT
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/07/29 17:40:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 09:06:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/19 11:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/22 06:07:17 | 000,428,200 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/07/22 06:07:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/29 09:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/04/27 12:23:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/14 16:12:00 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/05/15 17:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/04/29 12:32:32 | 000,118,784 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2009/04/10 22:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) [Auto] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/04/01 16:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/02/11 20:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/02/05 03:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/01/26 10:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/27 07:05:28 | 000,306,736 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008/10/16 12:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 11:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/07/04 06:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (ALSysIO)
DRV - [2011/07/22 06:07:23 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/22 06:07:23 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/19 05:28:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/11/30 18:55:47 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/11/30 18:55:47 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/06/08 15:33:41 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/13 04:46:54 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009/10/14 13:08:32 | 000,032,000 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/05/31 19:53:16 | 004,386,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/05/31 15:38:50 | 000,093,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/05/31 15:24:00 | 004,568,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/02/20 22:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/11/17 02:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/10/09 11:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/10/09 11:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/10/09 11:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/03/17 06:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/08/08 12:54:10 | 000,028,968 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0110&m=aspire_5810t
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0110&m=aspire_5810t
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0110&m=aspire_5810t
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&tt=060612_7_&babsrc=HP_ss&mntrId=5cbcd489000000000000000000000000
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\***_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKU\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110819&tt=060612_7_&babsrc=HP_ss&mntrId=5cbcd489000000000000000000000000"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&tt=060612_7_&babsrc=KW_ss&mntrId=5cbcd489000000000000000000000000&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/25 16:14:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 17:40:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/05 21:15:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/25 16:14:52 | 000,000,000 | ---D | M]
 
[2012/06/05 21:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2012/06/24 03:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\p77m0v8z.default\extensions
[2012/06/30 07:35:23 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\p77m0v8z.default\extensions\toolbar@ask.com
[2012/07/25 17:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pa3ciava.default\extensions
[2012/06/05 21:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/01 16:59:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/12/02 14:46:50 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
File not found (No name found) -- 
[2012/07/29 17:40:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/01 12:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/13 07:56:17 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/06/01 12:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/01 12:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/01 12:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/01 12:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/01 12:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/12/14 20:53:32 | 000,426,930 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14705 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WSDPrintProxy] C:\Users\***\AppData\Local\Microsoft\Windows\613\WSDPrintProxy.exe ()
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\***_ON_C..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\***_ON_C..\Run: [odet.exe] C:\Users\***\AppData\Roaming\Epukyp\odet.exe ()
O4 - HKU\***_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.237.149.142 217.237.150.205
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 13:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{0a97917b-21cd-11e0-8d15-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{0a97917b-21cd-11e0-8d15-001f16a12f69}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{3a75fda0-681a-11e0-83b2-0022fb49e6a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3a75fda0-681a-11e0-83b2-0022fb49e6a8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3a75fda1-681a-11e0-83b2-0022fb49e6a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3a75fda1-681a-11e0-83b2-0022fb49e6a8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3a75fda2-681a-11e0-83b2-0022fb49e6a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3a75fda2-681a-11e0-83b2-0022fb49e6a8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3fb7fe7d-1dbc-11df-8647-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{3fb7fe7d-1dbc-11df-8647-001f16a12f69}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3fb7fe82-1dbc-11df-8647-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{3fb7fe82-1dbc-11df-8647-001f16a12f69}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{40a64085-a838-11df-827e-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{40a64085-a838-11df-827e-001f16a12f69}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{4bc50cf6-1daa-11e1-ad57-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{4bc50cf6-1daa-11e1-ad57-001f16a12f69}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{5171d288-965d-11e1-a8b4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5171d288-965d-11e1-a8b4-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5bc2c09d-3a6d-11df-8232-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{5bc2c09d-3a6d-11df-8232-001f16a12f69}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{6f0001bc-fcb4-11df-b25b-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{6f0001bc-fcb4-11df-b25b-001f16a12f69}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{bc9bf157-1752-11e0-a8b3-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{bc9bf157-1752-11e0-a8b3-001f16a12f69}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{c2553f8e-b63f-11e0-9435-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{c2553f8e-b63f-11e0-9435-001f16a12f69}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d6a8a8fb-1e04-11df-b8a5-0022fb49e6a8}\Shell - "" = AutoRun
O33 - MountPoints2\{d6a8a8fb-1e04-11df-b8a5-0022fb49e6a8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d9fdcbf6-b7a2-11e0-a3ae-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{d9fdcbf6-b7a2-11e0-a3ae-001f16a12f69}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{f0756537-9607-11e1-9c64-0022fb49e6a8}\Shell - "" = AutoRun
O33 - MountPoints2\{f0756537-9607-11e1-9c64-0022fb49e6a8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/03/28 09:31:20 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\***\AppData\Roaming\REX Shared Library.dll
[2010/03/28 09:31:20 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\***\AppData\Roaming\Rewire.dll
[2010/01/26 19:11:01 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[15 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/28 16:21:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/28 16:20:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 16:20:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 16:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/28 16:18:40 | 3119,296,512 | -HS- | M] () -- C:\hiberfil.sys
[15 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/08/18 09:19:51 | 3119,296,512 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/06 08:06:55 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2012/06/06 08:06:48 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2012/06/06 08:06:48 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2012/06/06 08:06:46 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2012/06/06 08:06:42 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2012/06/06 08:06:42 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012/06/06 08:06:42 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012/06/06 08:06:38 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/06/06 07:47:34 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/10/17 11:38:46 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2011/10/17 11:38:46 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2011/04/27 14:26:52 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/04/27 13:38:31 | 000,053,248 | ---- | C] () -- C:\Windows\System32\pxhpinst.exe
[2010/12/18 06:09:46 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/06/30 13:45:07 | 000,139,152 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010/06/30 13:45:07 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/06/30 13:44:51 | 000,214,592 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/06/30 13:44:46 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/06/30 13:44:46 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/04/18 12:43:32 | 000,002,032 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010/03/28 09:48:33 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2010/02/25 16:14:24 | 000,023,689 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/02/01 09:45:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/01 09:45:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/28 08:18:41 | 000,219,054 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2010/01/28 08:18:41 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010/01/28 07:56:57 | 000,216,639 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010/01/26 11:27:53 | 000,111,104 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/26 10:37:53 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010/01/26 10:36:03 | 000,107,276 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2010/01/26 10:36:03 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2010/01/26 10:36:03 | 000,000,632 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010/01/26 10:36:03 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010/01/26 10:36:03 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010/01/26 10:36:03 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010/01/26 10:36:03 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010/01/26 10:31:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/06/10 23:02:28 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/04/08 22:33:45 | 000,647,646 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/04/08 22:33:45 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/04/08 22:33:45 | 000,132,398 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/04/08 22:33:45 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/04/08 12:59:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/31 20:46:06 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/03/31 20:46:06 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/03/31 20:46:05 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/03/31 20:46:05 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2008/06/23 07:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/05/23 11:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008/04/08 09:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2007/08/08 12:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,382,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,109,416 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/02/24 11:09:30 | 000,045,568 | ---- | C] () -- C:\Windows\System32\xWSock32.dll
[2003/10/10 10:12:58 | 000,141,824 | ---- | C] () -- C:\Windows\System32\xmenu2.dll
[2002/08/09 05:10:04 | 000,017,408 | ---- | C] () -- C:\Windows\System32\xNSLookup.dll
 
========== LOP Check ==========
 
[2010/01/26 10:47:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer
[2009/04/08 14:21:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console
[2012/04/22 02:20:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012/06/13 07:54:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2012/06/22 06:29:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BrowserCompanion
[2010/06/08 15:59:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint
[2010/03/28 09:29:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012/08/28 16:21:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012/06/01 17:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012/07/07 11:07:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epukyp
[2012/08/02 11:57:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hellomoto
[2012/02/13 21:06:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010/06/21 12:39:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LucasArts
[2012/06/01 14:46:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2010/03/28 09:35:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Propellerhead Software
[2012/08/02 11:26:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Quipse
[2011/01/10 06:13:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rovio
[2010/12/17 11:26:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE
[2010/02/20 05:40:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2010/06/08 16:10:19 | 000,000,000 | ---D | M] -- C:\ProgramData\2DBoy
[2010/05/07 14:48:47 | 000,000,000 | ---D | M] -- C:\ProgramData\agi
[2010/01/26 10:21:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2011/04/27 14:28:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data
[2012/06/13 07:54:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2010/04/27 04:59:59 | 000,000,000 | ---D | M] -- C:\ProgramData\CheckPoint
[2010/03/28 09:21:37 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2010/01/26 10:21:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2010/01/26 10:21:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/01/26 10:54:33 | 000,000,000 | ---D | M] -- C:\ProgramData\EgisTec
[2010/12/17 17:28:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2010/01/26 10:50:18 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2010/01/26 10:21:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2012/06/05 21:15:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Napster
[2010/03/29 11:44:48 | 000,000,000 | ---D | M] -- C:\ProgramData\NtiDvdCopy
[2011/06/20 15:18:43 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2010/03/28 09:31:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Propellerhead Software
[2010/02/19 08:22:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming
[2010/01/26 10:21:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/06/17 13:21:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2012/07/02 10:18:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Vodafone
[2010/01/26 10:21:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/08/08 12:16:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/04/17 09:57:11 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/26 15:49:33 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/08/01 18:49:00 | 000,001,128 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-549088631-1269286896-2439894023-1000Core.job
[2012/08/02 11:24:36 | 000,001,150 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-549088631-1269286896-2439894023-1000UA.job
[2012/08/18 09:22:31 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         

Alt 12.09.2012, 15:20   #2
markusg
/// Malware-holic
 
bundespolizeivirus (+bild +verhalten) - Standard

bundespolizeivirus (+bild +verhalten)



auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
ATTFilter
:OTL
O4 - HKU\***_ON_C..\Run: [odet.exe] C:\Users\***\AppData\Roaming\Epukyp\odet.exe ()
O4 - HKLM..\Run: [WSDPrintProxy] C:\Users\***\AppData\Local\Microsoft\Windows\613\WSDPrintProxy.exe ()
:Files
C:\Users\***\AppData\Roaming\Epukyp
C:\Users\***\AppData\Local\Microsoft\Windows\613
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.


falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________

__________________

Alt 12.09.2012, 16:09   #3
bboy
 
bundespolizeivirus (+bild +verhalten) - Standard

bundespolizeivirus (+bild +verhalten)



danke schonmal für die schnelle hilfe.

der upload hat ohne probs alles gefuttert.
hier nochma der otl.txt log

Code:
ATTFilter
OTL logfile created on: 9/12/2012 4:27:42 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 24.41 Gb Free Space | 8.47% Space Free | Partition Type: NTFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/07/29 17:40:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 09:06:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/19 11:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/22 06:07:17 | 000,428,200 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/07/22 06:07:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/29 09:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/04/27 12:23:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/14 16:12:00 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/05/15 17:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/04/29 12:32:32 | 000,118,784 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2009/04/10 22:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) [Auto] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/04/01 16:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/02/11 20:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/02/05 03:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/01/26 10:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/27 07:05:28 | 000,306,736 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008/10/16 12:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 11:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/07/04 06:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (ALSysIO)
DRV - [2011/07/22 06:07:23 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/22 06:07:23 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/19 05:28:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/11/30 18:55:47 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/11/30 18:55:47 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/06/08 15:33:41 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/13 04:46:54 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009/10/14 13:08:32 | 000,032,000 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/05/31 19:53:16 | 004,386,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/05/31 15:38:50 | 000,093,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/05/31 15:24:00 | 004,568,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/02/20 22:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/11/17 02:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/10/09 11:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/10/09 11:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/10/09 11:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/03/17 06:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/08/08 12:54:10 | 000,028,968 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0110&m=aspire_5810t
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0110&m=aspire_5810t
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0110&m=aspire_5810t
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&tt=060612_7_&babsrc=HP_ss&mntrId=5cbcd489000000000000000000000000
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\***_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKU\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110819&tt=060612_7_&babsrc=HP_ss&mntrId=5cbcd489000000000000000000000000"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&tt=060612_7_&babsrc=KW_ss&mntrId=5cbcd489000000000000000000000000&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/25 16:14:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 17:40:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/05 21:15:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/25 16:14:52 | 000,000,000 | ---D | M]
 
[2012/06/05 21:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2012/06/24 03:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\p77m0v8z.default\extensions
[2012/06/30 07:35:23 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\p77m0v8z.default\extensions\toolbar@ask.com
[2012/07/25 17:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pa3ciava.default\extensions
[2012/06/05 21:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/01 16:59:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/12/02 14:46:50 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
File not found (No name found) -- 
[2012/07/29 17:40:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/01 12:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/13 07:56:17 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/06/01 12:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/01 12:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/01 12:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/01 12:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/01 12:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/12/14 20:53:32 | 000,426,930 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14705 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WSDPrintProxy] C:\Users\***\AppData\Local\Microsoft\Windows\613\WSDPrintProxy.exe ()
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\***_ON_C..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\***_ON_C..\Run: [odet.exe] C:\Users\***\AppData\Roaming\Epukyp\odet.exe ()
O4 - HKU\***_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.237.149.142 217.237.150.205
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0a97917b-21cd-11e0-8d15-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{0a97917b-21cd-11e0-8d15-001f16a12f69}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{3a75fda0-681a-11e0-83b2-0022fb49e6a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3a75fda0-681a-11e0-83b2-0022fb49e6a8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3a75fda1-681a-11e0-83b2-0022fb49e6a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3a75fda1-681a-11e0-83b2-0022fb49e6a8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3a75fda2-681a-11e0-83b2-0022fb49e6a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3a75fda2-681a-11e0-83b2-0022fb49e6a8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3fb7fe7d-1dbc-11df-8647-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{3fb7fe7d-1dbc-11df-8647-001f16a12f69}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3fb7fe82-1dbc-11df-8647-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{3fb7fe82-1dbc-11df-8647-001f16a12f69}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{40a64085-a838-11df-827e-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{40a64085-a838-11df-827e-001f16a12f69}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{4bc50cf6-1daa-11e1-ad57-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{4bc50cf6-1daa-11e1-ad57-001f16a12f69}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{5171d288-965d-11e1-a8b4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5171d288-965d-11e1-a8b4-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5bc2c09d-3a6d-11df-8232-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{5bc2c09d-3a6d-11df-8232-001f16a12f69}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{6f0001bc-fcb4-11df-b25b-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{6f0001bc-fcb4-11df-b25b-001f16a12f69}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{bc9bf157-1752-11e0-a8b3-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{bc9bf157-1752-11e0-a8b3-001f16a12f69}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{c2553f8e-b63f-11e0-9435-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{c2553f8e-b63f-11e0-9435-001f16a12f69}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d6a8a8fb-1e04-11df-b8a5-0022fb49e6a8}\Shell - "" = AutoRun
O33 - MountPoints2\{d6a8a8fb-1e04-11df-b8a5-0022fb49e6a8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d9fdcbf6-b7a2-11e0-a3ae-001f16a12f69}\Shell - "" = AutoRun
O33 - MountPoints2\{d9fdcbf6-b7a2-11e0-a3ae-001f16a12f69}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{f0756537-9607-11e1-9c64-0022fb49e6a8}\Shell - "" = AutoRun
O33 - MountPoints2\{f0756537-9607-11e1-9c64-0022fb49e6a8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/03/28 09:31:20 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\***\AppData\Roaming\REX Shared Library.dll
[2010/03/28 09:31:20 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\***\AppData\Roaming\Rewire.dll
[2010/01/26 19:11:01 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[15 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/28 16:21:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/28 16:20:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 16:20:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 16:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/28 16:18:40 | 3119,296,512 | -HS- | M] () -- C:\hiberfil.sys
[15 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/08/18 09:19:51 | 3119,296,512 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/06 08:06:55 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2012/06/06 08:06:48 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2012/06/06 08:06:48 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2012/06/06 08:06:46 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2012/06/06 08:06:42 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2012/06/06 08:06:42 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012/06/06 08:06:42 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012/06/06 08:06:38 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/06/06 07:47:34 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/10/17 11:38:46 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2011/10/17 11:38:46 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2011/04/27 14:26:52 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/04/27 13:38:31 | 000,053,248 | ---- | C] () -- C:\Windows\System32\pxhpinst.exe
[2010/12/18 06:09:46 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/06/30 13:45:07 | 000,139,152 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010/06/30 13:45:07 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/06/30 13:44:51 | 000,214,592 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/06/30 13:44:46 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/06/30 13:44:46 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/04/18 12:43:32 | 000,002,032 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010/03/28 09:48:33 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2010/02/25 16:14:24 | 000,023,689 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/02/01 09:45:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/01 09:45:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/28 08:18:41 | 000,219,054 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2010/01/28 08:18:41 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010/01/28 07:56:57 | 000,216,639 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010/01/26 11:27:53 | 000,111,104 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/26 10:37:53 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010/01/26 10:36:03 | 000,107,276 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2010/01/26 10:36:03 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2010/01/26 10:36:03 | 000,000,632 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010/01/26 10:36:03 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010/01/26 10:36:03 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010/01/26 10:36:03 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010/01/26 10:36:03 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010/01/26 10:31:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/06/10 23:02:28 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/04/08 22:33:45 | 000,647,646 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/04/08 22:33:45 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/04/08 22:33:45 | 000,132,398 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/04/08 22:33:45 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/04/08 12:59:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/31 20:46:06 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/03/31 20:46:06 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/03/31 20:46:05 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/03/31 20:46:05 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2008/06/23 07:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/05/23 11:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008/04/08 09:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2007/08/08 12:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,382,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,109,416 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/02/24 11:09:30 | 000,045,568 | ---- | C] () -- C:\Windows\System32\xWSock32.dll
[2003/10/10 10:12:58 | 000,141,824 | ---- | C] () -- C:\Windows\System32\xmenu2.dll
[2002/08/09 05:10:04 | 000,017,408 | ---- | C] () -- C:\Windows\System32\xNSLookup.dll
 
========== LOP Check ==========
 
[2010/01/26 10:47:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer
[2009/04/08 14:21:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console
[2012/04/22 02:20:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012/06/13 07:54:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2012/06/22 06:29:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BrowserCompanion
[2010/06/08 15:59:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint
[2010/03/28 09:29:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012/08/28 16:21:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012/06/01 17:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012/07/07 11:07:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epukyp
[2012/08/02 11:57:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hellomoto
[2012/02/13 21:06:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010/06/21 12:39:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LucasArts
[2012/06/01 14:46:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2010/03/28 09:35:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Propellerhead Software
[2012/08/02 11:26:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Quipse
[2011/01/10 06:13:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rovio
[2010/12/17 11:26:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE
[2010/02/20 05:40:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2010/06/08 16:10:19 | 000,000,000 | ---D | M] -- C:\ProgramData\2DBoy
[2010/05/07 14:48:47 | 000,000,000 | ---D | M] -- C:\ProgramData\agi
[2010/01/26 10:21:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2011/04/27 14:28:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data
[2012/06/13 07:54:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2010/04/27 04:59:59 | 000,000,000 | ---D | M] -- C:\ProgramData\CheckPoint
[2010/03/28 09:21:37 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2010/01/26 10:21:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2010/01/26 10:21:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/01/26 10:54:33 | 000,000,000 | ---D | M] -- C:\ProgramData\EgisTec
[2010/12/17 17:28:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2010/01/26 10:50:18 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2010/01/26 10:21:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2012/06/05 21:15:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Napster
[2010/03/29 11:44:48 | 000,000,000 | ---D | M] -- C:\ProgramData\NtiDvdCopy
[2011/06/20 15:18:43 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2010/03/28 09:31:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Propellerhead Software
[2010/02/19 08:22:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming
[2010/01/26 10:21:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/06/17 13:21:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2012/07/02 10:18:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Vodafone
[2010/01/26 10:21:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/08/08 12:16:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/04/17 09:57:11 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/26 15:49:33 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/08/01 18:49:00 | 000,001,128 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-549088631-1269286896-2439894023-1000Core.job
[2012/08/02 11:24:36 | 000,001,150 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-549088631-1269286896-2439894023-1000UA.job
[2012/08/18 09:22:31 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
__________________

Alt 12.09.2012, 16:36   #4
markusg
/// Malware-holic
 
bundespolizeivirus (+bild +verhalten) - Standard

bundespolizeivirus (+bild +verhalten)



hi danke fürs hochladen nutzt er den pc für onlinebanking zum einkaufen, für sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.09.2012, 17:06   #5
bboy
 
bundespolizeivirus (+bild +verhalten) - Standard

bundespolizeivirus (+bild +verhalten)



sie nutzt ihn schon ma für onlinebanking , aber macht das noch einen unterschied? ich würd den rechner gern wieder sauber abgeben.


Alt 12.09.2012, 19:32   #6
markusg
/// Malware-holic
 
bundespolizeivirus (+bild +verhalten) - Standard

bundespolizeivirus (+bild +verhalten)



hi
sie soll die bank anrufen, notfall nummer:
116 116
online banking wegen zbot sperren lassen.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
--> bundespolizeivirus (+bild +verhalten)

Antwort

Themen zu bundespolizeivirus (+bild +verhalten)
adobe, antivir, autorun, avira, bho, dateien, defender, desktop, error, explorer, explorer.exe, firefox, format, home, launch, limited.com/facebook, locker, logfile, microsoft, mozilla, mywinlocker, realtek, registry, safer networking, scan, search the web, secure, software, tarma, vista, vodafone, wallpaper, winlogon



Ähnliche Themen: bundespolizeivirus (+bild +verhalten)


  1. Bundespolizeivirus otlpe log
    Log-Analyse und Auswertung - 03.06.2014 (9)
  2. Weises Bild, beim hochfahren sehe ich nur ganz kurz den Desktop,dann nur noch weises bild.
    Log-Analyse und Auswertung - 22.10.2013 (6)
  3. Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 14.10.2013 (1)
  4. Bundespolizeivirus, Ukash
    Plagegeister aller Art und deren Bekämpfung - 27.10.2012 (27)
  5. Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (2)
  6. Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 21.04.2012 (1)
  7. Bundespolizeivirus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 20.04.2012 (9)
  8. Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (1)
  9. Bundespolizeivirus 100 Euro zahlen ! WIN 32 bit
    Plagegeister aller Art und deren Bekämpfung - 28.03.2012 (6)
  10. Bundespolizeivirus .. zahle 100€
    Log-Analyse und Auswertung - 25.03.2012 (1)
  11. Neuer Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 08.02.2012 (5)
  12. Bundespolizeivirus
    Log-Analyse und Auswertung - 23.12.2011 (24)
  13. Neuer Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 08.12.2011 (17)
  14. Bundespolizeivirus (Win 7)
    Plagegeister aller Art und deren Bekämpfung - 10.11.2011 (32)
  15. Befall mit Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 07.10.2011 (18)
  16. Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 05.10.2011 (3)
  17. bundespolizeivirus logs
    Log-Analyse und Auswertung - 15.08.2011 (3)

Zum Thema bundespolizeivirus (+bild +verhalten) - hallo zusammen, problem schaut so aus: hxxp://imageshack.us/photo/my-images/15/imag0895x.jpg/ leider überhitzt der rechner zuverlässig bei zu langer arbeit. (backup) hab dateien gefunden die nach infektion erstellt worden, aber das bringt mich nicht - bundespolizeivirus (+bild +verhalten)...
Archiv
Du betrachtest: bundespolizeivirus (+bild +verhalten) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.