Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.


Plagegeister aller Art und deren Bekämpfung: Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 30.12.2012, 14:40   #1
ht-tom
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.


Liebes Trojaner-Board.

Ich hoffe dass ihr mir hier helfen könnt.

Vor ein paar Tagen rief meine Freundin an. Während dem Surfen hatte sie plötzlich ne Meldung von der Bundespolizei (Österreich) am Bildschirm, sie soll 100€ zahlen oder ihr Computer wird gesperrt - danach hat er sich runtergefahren und wieder gebootet.

Ein bisschen recherche hat mich hierher geführt. Ein Quickscan mit Malwarebytes Anti-Malware zeigte den Trojan.fakeMS an - habe aber noch nix in quarantäne geschickt oder gelöscht, sondern erst mal die Punkte 1-3 im "Für alle Hilfesuchenden" - Thread durchgeführt. Am Rechner läuft Windows Vista

De-Fogger hab ich ausgeführt.

OTL:
Code:
ATTFilter
OTL logfile created on: 30.12.2012 13:48:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\verena\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,59% Memory free
6,18 Gb Paging File | 4,69 Gb Available in Paging File | 75,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 32,24 Gb Free Space | 34,24% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 107,94 Gb Free Space | 55,31% Space Free | Partition Type: NTFS
 
Computer Name: VERENA-PC | User Name: verena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.30 13:45:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\verena\Desktop\OTL.exe
PRC - [2012.09.07 20:46:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.07 20:43:14 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.07 20:40:26 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.07 20:40:02 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.08.31 01:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.08.31 01:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2011.03.22 19:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.03.25 02:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.05.19 17:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.28 12:40:28 | 000,020,480 | ---- | M] ( ) -- C:\Programme\Google\Google EULA\GoogleEULALauncher.exe
PRC - [2008.04.28 16:21:56 | 000,374,784 | ---- | M] (ODM) -- C:\Programme\OEM\OSD_1.12\osd.exe
PRC - [2008.04.25 07:25:52 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) -- C:\Programme\OEM\OSD_1.12\OsdService.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.02.22 17:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Programme\Olympus\DeviceDetector\DevDtct2.exe
PRC - [2007.01.18 13:18:44 | 000,143,360 | ---- | M] () -- C:\Programme\DVBT\DetectTray.exe
PRC - [2006.09.18 13:12:06 | 000,503,808 | ---- | M] (FinePrint Software, LLC) -- C:\Windows\System32\spool\drivers\w32x86\3\fppdis3a.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.21 20:04:29 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f4458d63e51a43c856942ea40dda3a9\System.ServiceProcess.ni.dll
MOD - [2011.06.21 20:02:21 | 001,781,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\45af364b6f9480c42c4c57ea46f384f6\System.Xaml.ni.dll
MOD - [2011.06.21 20:00:49 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll
MOD - [2011.06.21 14:15:37 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.21 14:15:29 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.21 14:14:38 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.21 14:14:33 | 017,673,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e1118f4cb54334d606d47fd4e1bcc09e\PresentationFramework.ni.dll
MOD - [2011.06.21 14:14:18 | 011,106,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0ee99ffeb7b1ab53f394e0e1bf8759ce\PresentationCore.ni.dll
MOD - [2011.06.21 14:14:06 | 003,798,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c8482ea964f3031763d12f0a1c38d4ce\WindowsBase.ni.dll
MOD - [2011.06.21 14:13:55 | 007,053,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8a8bc7cc941913983b0dec8c65102629\System.Core.ni.dll
MOD - [2011.06.21 14:13:54 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\912daeab3595b7987f79bc58a93190eb\System.Xml.ni.dll
MOD - [2011.06.21 14:13:48 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d5bd0e884402abff8c9fa924ffd7375f\System.Configuration.ni.dll
MOD - [2011.06.21 14:13:47 | 009,085,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\77dc32bfb24f92096395d259733ba80b\System.ni.dll
MOD - [2011.06.21 14:12:28 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011.06.21 14:09:38 | 014,409,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fd30bb8e36e4d03126abb3c20a3d9c40\mscorlib.ni.dll
MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.01.18 13:18:44 | 000,143,360 | ---- | M] () -- C:\Programme\DVBT\DetectTray.exe
MOD - [2005.07.30 20:00:40 | 000,114,688 | ---- | M] () -- C:\Windows\System32\OdiOlDVR.dll
MOD - [2004.06.21 09:14:54 | 000,053,248 | ---- | M] () -- C:\Windows\System32\OdiAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.22 16:34:44 | 000,194,936 | ---- | M] (Корпорация Майкрософт) [Auto | Stopped] -- C:\Users\verena\wgsdgsdgdsgsd.exe -- (Winmgmt)
SRV - [2012.12.06 20:26:25 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.07 20:46:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.07 20:40:26 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008.02.22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) [Auto | Running] -- C:\Programme\OEM\OSD_1.12\OsdService.exe -- (OsdService)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.09.07 20:47:19 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.09.07 20:47:18 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.07 20:47:17 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.07 20:47:17 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.06.02 06:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.06.02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010.12.21 06:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 06:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010.12.21 06:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.12.21 06:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.09.10 19:30:03 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2008.05.22 23:59:00 | 007,494,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.01 07:35:54 | 003,660,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.04.03 13:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2008.03.31 11:02:34 | 000,008,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\kbfiltr.sys -- (GpdKbFilter)
DRV - [2007.12.28 18:21:54 | 000,104,448 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.12.19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007.11.21 09:31:26 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\directport.sys -- (GpdDevDPort)
DRV - [2007.11.02 12:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic)
DRV - [2007.11.02 12:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mgmt.sys -- (s217mgmt)
DRV - [2007.11.02 12:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex)
DRV - [2007.11.02 12:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5)
DRV - [2007.11.02 12:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 12:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus)
DRV - [2007.11.02 12:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.09.11 14:20:00 | 000,087,296 | ---- | M] (e3C, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EC168BDA.sys -- (EC168BDA)
DRV - [2006.04.07 16:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=9rw1p_wd0ydVINcsbonNbvmB7Ek?q={searchTerms}
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://mail.yahoo.de/"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {723AAF16-AF1F-4404-A5D7-0BFE39766605}:0.3.3
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&systemid=406&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 20:26:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 20:26:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009.10.05 11:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2012.10.16 18:38:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 20:26:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 20:26:21 | 000,000,000 | ---D | M]
 
[2011.05.28 13:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\verena\AppData\Roaming\mozilla\Extensions
[2012.10.23 19:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\4ja7ie9b.default\extensions
[2010.04.28 17:40:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\4ja7ie9b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.05 12:59:40 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\4ja7ie9b.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2009.03.26 20:16:01 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\4ja7ie9b.default\extensions\moveplayer@movenetworks.com
[2009.10.05 11:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\verena\AppData\Roaming\mozilla\Sunbird\Profiles\fllmli6o.default\extensions
[2011.03.23 13:24:21 | 000,005,529 | ---- | M] () -- C:\Users\verena\AppData\Roaming\mozilla\firefox\profiles\4ja7ie9b.default\searchplugins\SearchquWebSearch.xml
[2012.12.06 20:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.06 20:26:25 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 09:54:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.23 13:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DetectTray] C:\Programme\DVBT\DetectTray.exe ()
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\verena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk = C:\Users\verena\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{164C6585-FAE0-4313-BBF0-B1704721EA6A}: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1A4037D-3BFC-4461-8658-BCCD6363A663}: DhcpNameServer = 192.168.177.200
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Photos\Summertrip_2012\Reykjavik\DSC00451_bearb.jpg
O24 - Desktop BackupWallPaper: D:\Photos\Summertrip_2012\Reykjavik\DSC00451_bearb.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0885e8df-7c32-11de-8d5b-00f1d000f1d0}\Shell\AutoRun\command - "" = RECYCLER\usbassist.exe
O33 - MountPoints2\{0885e8df-7c32-11de-8d5b-00f1d000f1d0}\Shell\opEN\CoMmanD - "" = RECYCLER\usbassist.exe
O33 - MountPoints2\{3fec8387-fa93-11dd-bc49-00030d9dab00}\Shell - "" = AutoRun
O33 - MountPoints2\{3fec8387-fa93-11dd-bc49-00030d9dab00}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{4981fbf2-d06f-11de-968d-00f1d000f1d0}\Shell\AutoRun\command - "" = F:\AutoTransfer.exe
O33 - MountPoints2\{8f991401-b3b1-11dd-ac4b-00030d9dab00}\Shell - "" = AutoRun
O33 - MountPoints2\{8f991401-b3b1-11dd-ac4b-00030d9dab00}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.30 13:45:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\verena\Desktop\OTL.exe
[2012.12.30 13:36:42 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\Malwarebytes
[2012.12.30 13:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.30 13:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.30 13:36:27 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.30 13:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.22 16:34:44 | 000,194,936 | ---- | C] (Корпорация Майкрософт) -- C:\Users\verena\wgsdgsdgdsgsd.exe
[2012.12.16 20:55:08 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.12.16 20:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.16 20:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.12.06 20:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Users\verena\Desktop\*.tmp files -> C:\Users\verena\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.30 13:45:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\verena\Desktop\OTL.exe
[2012.12.30 13:43:51 | 000,000,000 | ---- | M] () -- C:\Users\verena\defogger_reenable
[2012.12.30 13:42:23 | 000,050,477 | ---- | M] () -- C:\Users\verena\Desktop\Defogger.exe
[2012.12.30 13:36:29 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.30 13:32:48 | 000,002,487 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk
[2012.12.30 13:32:47 | 000,135,766 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.12.30 13:32:40 | 000,135,766 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.12.30 13:32:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.30 13:32:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.30 13:31:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.30 13:31:50 | 3215,613,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.22 16:43:19 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.22 16:43:19 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.22 16:43:19 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.22 16:43:19 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.22 16:39:53 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.22 16:34:46 | 000,002,915 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.22 16:34:46 | 000,000,892 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.22 16:34:44 | 000,194,936 | ---- | M] (Корпорация Майкрософт) -- C:\Users\verena\wgsdgsdgdsgsd.exe
[2012.12.22 09:52:52 | 000,002,637 | ---- | M] () -- C:\Users\verena\Desktop\Microsoft Office Word 2003.lnk
[2012.12.16 20:55:08 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.12 23:20:08 | 000,163,423 | ---- | M] () -- C:\Users\verena\Desktop\DSC01764.JPG
[2012.12.12 23:20:01 | 000,158,788 | ---- | M] () -- C:\Users\verena\Desktop\DSC01763.JPG
[2012.12.03 17:57:13 | 000,017,946 | ---- | M] () -- C:\Users\verena\Desktop\spruch.jpg
[1 C:\Users\verena\Desktop\*.tmp files -> C:\Users\verena\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.30 13:43:51 | 000,000,000 | ---- | C] () -- C:\Users\verena\defogger_reenable
[2012.12.30 13:42:20 | 000,050,477 | ---- | C] () -- C:\Users\verena\Desktop\Defogger.exe
[2012.12.30 13:36:29 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.22 16:34:46 | 000,002,915 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.22 16:34:46 | 000,000,892 | ---- | C] () -- C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.22 16:34:44 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.12 23:20:07 | 000,163,423 | ---- | C] () -- C:\Users\verena\Desktop\DSC01764.JPG
[2012.12.12 23:20:01 | 000,158,788 | ---- | C] () -- C:\Users\verena\Desktop\DSC01763.JPG
[2012.12.03 17:57:12 | 000,017,946 | ---- | C] () -- C:\Users\verena\Desktop\spruch.jpg
[2011.01.29 16:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.29 16:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 16:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 16:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 16:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.11.29 22:15:47 | 000,004,096 | -H-- | C] () -- C:\Users\verena\AppData\Local\keyfile3.drm
[2010.10.31 15:45:43 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.09.14 08:25:41 | 000,000,680 | ---- | C] () -- C:\Users\verena\AppData\Local\d3d9caps.dat
[2008.10.15 13:11:28 | 000,171,629 | ---- | C] () -- C:\Users\verena\Teilnahmebestaetigung_widl.pdf
[2008.09.27 19:49:02 | 000,015,239 | ---- | C] () -- C:\Users\verena\edt_l2_lm_2008_2009_s3.pdf
[2008.09.27 19:48:31 | 000,008,209 | ---- | C] () -- C:\Users\verena\edt_agreg_lm_08_09_s1.pdf
[2008.09.27 19:46:08 | 000,005,745 | ---- | C] () -- C:\Users\verena\reunions_rentree_08_09.pdf
[2008.09.27 19:40:49 | 000,014,594 | ---- | C] () -- C:\Users\verena\edt_l1_lc_2008_2009_s1.pdf
[2008.09.10 19:35:40 | 000,233,472 | ---- | C] () -- C:\Users\verena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.03 05:11:42 | 000,135,766 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.07.03 05:11:42 | 000,135,766 | ---- | C] () -- C:\ProgramData\nvModes.001
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.09.10 19:33:56 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\ACD Systems
[2011.06.19 21:36:05 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Amazon
[2010.10.31 12:43:36 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Canon
[2009.12.15 13:48:47 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\CD-LabelPrint
[2012.12.30 13:34:39 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Dropbox
[2011.07.03 14:14:58 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\FileZilla
[2011.06.22 21:40:58 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Foxit Software
[2008.09.10 18:48:44 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\funkitron
[2011.06.02 07:41:57 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\go
[2009.06.11 11:42:48 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\REAPER
[2011.04.03 15:40:28 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Samsung
[2012.07.12 18:11:11 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Temp
[2010.08.17 17:34:53 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Topten Software
 
========== Purity Check ==========
 
 

< End of report >
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 30.12.2012 13:48:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\verena\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,59% Memory free
6,18 Gb Paging File | 4,69 Gb Available in Paging File | 75,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 32,24 Gb Free Space | 34,24% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 107,94 Gb Free Space | 55,31% Space Free | Partition Type: NTFS
 
Computer Name: VERENA-PC | User Name: verena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Users\verena\Desktop\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Users\verena\Desktop\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0526D508-B578-4288-98AE-70E219C582E4}" = protocol=6 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"{0648BDD1-337D-4A8F-8ACC-E71FA8B05A64}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AB5973B-A350-44CB-A205-4E162D46EA65}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{18E60919-6191-410F-A9BF-A0D93B8BB080}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{77420F8E-72B2-40D7-AEDC-18E40676F4B9}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{9F61CC14-3301-4759-B2AD-68D808CB681E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AEEC8CAE-36BB-41E3-80A5-F173E0009B7D}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{BAF34C7D-38F9-485D-82D9-B154CD5302B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDB5F8D0-05F2-4046-B5E2-D0EE49F59E41}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{C4B76E08-3894-4309-BC9F-37FD27031538}" = protocol=17 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{117DAEC2-BC55-4BBE-98F0-7E288D00C10B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{226EE5EF-37DF-4F49-8B67-9F6446F5C393}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{3BF37AF1-1ACA-4E14-BFAB-CA3C3D5364BF}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{44AB24EA-4AB1-437E-933D-AB5A20259E73}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{47344484-FF21-4E08-B4BC-C8C781069DE4}C:\users\verena\desktop\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\users\verena\desktop\vlc\vlc.exe | 
"TCP Query User{666BBFC6-387F-4CFC-B454-967A999C1737}C:\users\verena\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\verena\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{97D3E8DB-D33A-4774-BE10-9706CEEB3CB0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{AA6E6B61-6B2E-4A92-8618-2BBF3B9CB74E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{AF9E711E-58D5-4CBB-94A1-621EF6736287}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{ECF3E530-59E7-4ED0-BA71-93A880FEFC7D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{F6791980-CCA5-4606-8737-759E10F16D99}C:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{0041C3B3-E292-4A55-AB21-BE19B2090B64}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{14237D78-083A-4384-AF92-CD8D12A71FE0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{2207F600-E638-4348-A3F1-2B23AC36F900}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{38864E06-E8FA-4385-A149-DF5E6CA60FDF}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{54CC3212-D434-400F-80A6-70AF8B98E2F1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{5C480BA6-C83C-4F6D-991B-D4D7565E7F81}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{6E1D3991-A582-43EF-9F80-1491BDC1290F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{722F09FE-A550-44CC-B21F-1A7D192B1F8A}C:\users\verena\desktop\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\users\verena\desktop\vlc\vlc.exe | 
"UDP Query User{C832622D-1C41-4920-B514-232A157BEE1F}C:\users\verena\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\verena\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{E0C1C88C-F8B5-4339-B039-76B535AE9782}C:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{EAC715E0-0DE6-46A0-8DB5-9BBC93860679}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{18012051-2586-4DD5-80AB-8F2358CB78C9}" = Brother HL-4040CN
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}" = Foxit Phantom
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.12
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{854C47D1-C2A0-4492-8655-C3F8D49C1031}" = Nero 8 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi
"{CDC4FC15-480C-49C1-85DA-1CFBBFC6CD08}" = DVBT
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"Cantabile 2.0 Lite" = Cantabile 2.0 Lite
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Standard)
"FileZilla Client" = FileZilla Client 3.2.7.1
"Google Desktop" = Google Desktop
"HyperSnap 6" = HyperSnap 6
"InstallShield_{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIA Drivers" = NVIDIA Drivers
"pdfFactory Pro" = pdfFactory Pro
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1" = Albelli Fotobücher
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.12.2012 19:21:08 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.12.2012 19:21:10 | Computer Name = verena-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.12.2012 04:45:50 | Computer Name = verena-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.12.2012 04:46:30 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.12.2012 08:09:42 | Computer Name = verena-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ACDSee11.exe, Version 11.0.108.0, Zeitstempel
 0x4939da4f, fehlerhaftes Modul ACDSee11.exe, Version 11.0.108.0, Zeitstempel 0x4939da4f,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00624b51,  Prozess-ID 0xbf0, Anwendungsstartzeit
 01cde03c4e95b2a7.
 
Error - 22.12.2012 11:26:05 | Computer Name = verena-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.12.2012 11:27:14 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.12.2012 11:39:26 | Computer Name = verena-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.12.2012 11:39:40 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.12.2012 12:44:26 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.12.2012 08:33:17 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 21.12.2012 19:19:55 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.12.2012 04:44:13 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.12.2012 11:24:26 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.12.2012 11:38:38 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 25.12.2012 12:40:22 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 25.12.2012 12:44:08 | Computer Name = verena-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 25.12.2012 12:45:09 | Computer Name = verena-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.12.2012 08:31:59 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 30.12.2012 08:33:33 | Computer Name = verena-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.12.2012 08:36:28 | Computer Name = verena-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
Gmer:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-30 14:36:38
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: q9bywqiq.exe; Driver: C:\Users\verena\AppData\Local\Temp\awliypow.sys


---- System - GMER 1.0.15 ----

SSDT            8D1EC6D6                                  ZwCreateSection
SSDT            8D1EC6E0                                  ZwRequestWaitReplyPort
SSDT            8D1EC6DB                                  ZwSetContextThread
SSDT            8D1EC6E5                                  ZwSetSecurityObject
SSDT            8D1EC6EA                                  ZwSystemDebugControl
SSDT            8D1EC677                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 448           828C4A6C 4 Bytes  [D6, C6, 1E, 8D]
.text           ntkrnlpa.exe!KeSetTimerEx + 76C           828C4D90 4 Bytes  [E0, C6, 1E, 8D]
.text           ntkrnlpa.exe!KeSetTimerEx + 7A0           828C4DC4 4 Bytes  [DB, C6, 1E, 8D]
.text           ntkrnlpa.exe!KeSetTimerEx + 804           828C4E28 4 Bytes  [E5, C6, 1E, 8D]
.text           ntkrnlpa.exe!KeSetTimerEx + 84C           828C4E70 4 Bytes  [EA, C6, 1E, 8D]
.text           ...                                       
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys  section is writeable [0x8E40C320, 0x3E4E87, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0   kbfiltr.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1   kbfiltr.sys
AttachedDevice  \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Würde mich über Unterstützung freuen!

 

Themen zu Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.
7-zip, antivir, autorun, avira, bho, bildschirm, canon, computer, excel, flash player, format, google, helper, iexplore.exe, install.exe, intranet, java/exploit.cve-2012-1723.fg, js/agent.nid, logfile, mozilla, norman, olympus, plug-in, registry, rundll, security, software, trojaner, wgsdgsdgdsgsd.exe, win32/reveton.n, windows


« Startfenster.com hat auch mich erwischt | Schlafender Virus (Nirsoft?) »


Ähnliche Themen: Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.


  1. Laptop meiner Freundin
    Plagegeister aller Art und deren Bekämpfung - 08.01.2015 (13)
  2. Trojan.FakeMS.ED, Trojan.FakeMS, trojware.win32.injector
    Log-Analyse und Auswertung - 03.09.2014 (19)
  3. Der Laptop meiner Freundin hat kein Internet mehr und es wurde bereits viel Malware entdeckt.
    Log-Analyse und Auswertung - 17.06.2014 (17)
  4. Antivirus Security Pro auf Laptop (Freundin schuld :-( )
    Plagegeister aller Art und deren Bekämpfung - 17.11.2013 (4)
  5. Software.Updater.ui.exe nun auf dem Rechner meiner Freundin nach dem Hochfahren
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (9)
  6. Trojan.Ransom.ED, Trojan.Agent.ED und Trojan.FakeMS.PRGen auf laptop
    Log-Analyse und Auswertung - 13.04.2013 (9)
  7. Trojan.Ransom.ED, Trojan.Agent.ED, Trojan.FakeMS.PRGen und Bublik b. durch Email erhalten?
    Plagegeister aller Art und deren Bekämpfung - 02.04.2013 (29)
  8. Bublik b.; Trojan.Ransom.ED; Trojan.Agent.ED und Trojan.FakeMS.PRGen in Email?
    Mülltonne - 28.03.2013 (0)
  9. Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (18)
  10. Trojan.FakeMS / Trojan.Agent.ck / Exploit.Drop.GSA
    Plagegeister aller Art und deren Bekämpfung - 03.01.2013 (3)
  11. Trojan.FakeMS, Rechner gesperrt, GVU Trojaner (BSI) Webcam-Fake, Zahlung: PaysafeCard, UKash
    Log-Analyse und Auswertung - 30.11.2012 (1)
  12. PC meiner Freundin wird immer langsamer
    Log-Analyse und Auswertung - 26.02.2012 (4)
  13. Keylogger bei meiner Freundin?
    Überwachung, Datenschutz und Spam - 16.01.2012 (1)
  14. Trojaner Kazy.26024.5 SpyEyes Trojan.FakeMS (hoffentlich) entfernt aber danach viele Probleme
    Plagegeister aller Art und deren Bekämpfung - 23.06.2011 (31)
  15. Benötige hilfe beim PC meiner Freundin
    Log-Analyse und Auswertung - 04.08.2007 (1)
  16. INET20004 hat den PC meiner Freundin befallen! Was tun?
    Plagegeister aller Art und deren Bekämpfung - 24.12.2006 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Liebes Trojaner-Board. Ich hoffe dass ihr mir hier helfen könnt. Vor ein paar Tagen rief meine Freundin an. Während dem Surfen hatte sie plötzlich ne Meldung von der Bundespolizei (Österreich) - Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin....
Archiv
Du betrachtest: Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132