
Trojan.Ransom.Gen virus cannot be removed


#1
User: Torcas
Joined: Jan 2012
Location: Berlin
Posts: 27

Trojan.Ransom.Gen virus cannot be removed

Hi there,

Two days ago, when I went online, a police window opened that covered the whole screen. It says that for security reasons and I don't know what else, my system is blocked. I have to pay 100 euros and then I can have my system back. It also shows my IP address, my location and my internet provider.

In safe mode I was able to restart the machine; I disconnected the internet. I ran Avira antivirus and it found nothing. I used Malwarebytes and it found the trojan file from the title. It deleted it automatically. And there were no problems, I was able to use the internet.

Today I worked without problems (without internet); when I go on the network the same police warning reappears and won't let me work any more. In safe mode I restart the machine and run Malwarebytes again; it deletes the trojan virus, but here is the thing: I go to where it is (c:// etc.) and try to delete it manually. But it reappears a few seconds later. (the file c:\windows\system32\ctfmon..).
Right now I am working without problems, but I think that tomorrow when I turn on the machine this virus will appear again. Because in fact it is not deleted (I think).

Does anyone have a clue or an idea?? Sorry for the bother and many thanks in advance.
Torcas

#2
Ex-Collaborator: Zackrated
Joined: Aug 2009
Location: León, México
Posts: 7,932

Re: Trojan.Ransom.Gen virus cannot be removed

Hi

Do the following:

Download DDS.pif from here and save it to your Windows desktop.
• If you use Firefox, right-click it and choose Save As
• If that fails --> download DDS.scr

Double-click dds.pif to run the tool and wait patiently for the report.
• When it has finished, DDS will open two (2) reports:

1. DDS.txt
2. Attach.txt
In your next reply:
Paste the reports called DDS.txt and Attach.txt

* Follow us on our Twitter and friend us on Facebook.
* Keep up with the latest threats on the net at: InfoSpyware Blog
* Questions are not answered by private message or e-mail; that is what the forum is for.

#3
User: Torcas
Joined: Jan 2012
Location: Berlin
Posts: 27

Re: Trojan.Ransom.Gen virus cannot be removed

Hi, thanks for the quick reply. Here are the results:
      .
      DDS (Ver_2011-08-26.01) - FAT32x86
      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
      Run by - at 0:51:04 on 2012-08-10
      Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1014.265 [GMT 2:00]
      .
      .
      ============== Running Processes ===============
      .
      C:\WINDOWS\system32\svchost.exe -k DcomLaunch
      SVCHOST.EXE
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
      C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
      SVCHOST.EXE
      SVCHOST.EXE
      C:\WINDOWS\system32\spoolsv.exe
      SVCHOST.EXE
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
      C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
      C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
      C:\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
      C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
      C:\Programme\Intel\Wireless\Bin\EvtEng.exe
      C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
      C:\WINDOWS\system32\HPSIsvc.exe
      C:\Programme\Java\jre6\bin\jqs.exe
      C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
      C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
      C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
      C:\DOKUME~1\-\LOKALE~1\Temp\RtkBtMnt.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\System32\wbem\unsecapp.exe
      C:\WINDOWS\System32\svchost.exe -k HTTPFilter
      C:\Programme\Mozilla Firefox\firefox.exe
      C:\Programme\Mozilla Firefox\plugin-container.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.com/
      uInternet Settings,ProxyOverride = local
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\dokumente und einstellungen\all users\anwendungsdaten\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
      BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
      BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
      BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      TB: {00000000-0000-0000-0000-000000000000} - No File
      uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
      uRun: [Google Update] "c:\dokumente und einstellungen\-\lokale einstellungen\anwendungsdaten\google\update\GoogleUpdate.exe" /c
      mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
      mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
      mRun: [Persistence] c:\windows\system32\igfxpers.exe
      mRun: [RTHDCPL] RTHDCPL.EXE
      mRun: [AzMixerSel] c:\programme\realtek\installshield\AzMixerSel.exe
      mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
      mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
      mRun: [TrayServer] c:\programme\magix\video_deluxe_16_plus\TrayServer.exe
      mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
      mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
      mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe"
      mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
      mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
      dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
      dRun: [4Y3Y0C3A0F7W1W5WQQXFRQ] c:\recycle.bin\B6232F3AC28.exe
      StartupFolder: c:\dokume~1\-\startm~1\progra~1\autost~1\ctfmon.lnk - c:\windows\system32\rundll32.exe
      StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
      IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
      IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
      DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
      DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283277826469
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      TCP: DhcpNameServer = 192.168.1.1
      TCP: Interfaces\{FFFA6554-186C-4C68-AF4B-532E5C9F3748} : DhcpNameServer = 192.168.1.1
      Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
      Notify: igfxcui - igfxdev.dll
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
      LSA: Authentication Packages = msv1_0 nwprovau
      Hosts: 127.0.0.1 www.spywareinfo.com
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - c:\dokumente und einstellungen\-\anwendungsdaten\mozilla\firefox\profiles\cmglls5g.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - about:home
      FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q=
      FF - component: c:\dokumente und einstellungen\all users\anwendungsdaten\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
      FF - plugin: c:\dokumente und einstellungen\-\lokale einstellungen\anwendungsdaten\google\update\1.3.21.115\npGoogleUpdate3.dll
      FF - plugin: c:\programme\adobe\reader 9.0\reader\air\nppdf32.dll
      FF - plugin: c:\programme\google\google earth\plugin\npgeplugin.dll
      FF - plugin: c:\programme\google\google updater\2.4.2432.1652\npCIDetect14.dll
      FF - plugin: c:\programme\google\update\1.3.21.111\npGoogleUpdate3.dll
      FF - plugin: c:\programme\google\update\1.3.21.115\npGoogleUpdate3.dll
      FF - plugin: c:\programme\google\update\1.3.21.99\npGoogleUpdate3.dll
      FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - plugin: c:\programme\microsoft silverlight\5.1.10411.0\npctrlui.dll
      FF - plugin: c:\programme\mozilla firefox\plugins\npdeployJava1.dll
      FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
      .
      ---- FIREFOX POLICIES ----
      FF - user.js: network.cookie.cookieBehavior - 0
      FF - user.js: privacy.clearOnShutdown.cookies - false
      FF - user.js: security.warn_viewing_mixed - false
      FF - user.js: security.warn_viewing_mixed.show_once - false
      FF - user.js: security.warn_submit_insecure - false
      FF - user.js: security.warn_submit_insecure.show_once - false
      .
      ============= SERVICES / DRIVERS ===============
      .
      R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programme\gemeinsame dateien\magix services\database\bin\FABS.exe [2009-5-6 1220608]
      R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-4-3 99896]
      R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2008-12-10 14976]
      R2 Skype C2C Service;Skype C2C Service;c:\dokumente und einstellungen\all users\anwendungsdaten\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
      S2 gupdate1c9d587f37e683e;Google Update Service (gupdate1c9d587f37e683e);c:\programme\google\update\GoogleUpdate.exe [2009-5-15 133104]
      S2 SkypeUpdate;Skype Updater;c:\programme\skype\updater\Updater.exe [2012-4-5 158856]
      S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-26 250056]
      S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\gemeinsame dateien\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
      S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2009-5-15 133104]
      S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
      S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-4-3 17408]
      S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336]
      S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
      .
      =============== Created Last 30 ================
      .
      2012-08-09 09:40:37 -------- d--h--r- c:\dokumente und einstellungen\-\Recent
      2012-07-26 12:32:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-07-20 10:45:40 -------- d-sh--w- C:\FOUND.006
      2012-07-17 21:50:01 69660 ----a-w- c:\windows\Fart.exe
      2012-07-17 21:50:01 11776 ----a-w- c:\windows\Colous.exe
      2012-07-17 20:28:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-07-17 20:28:54 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
      2012-07-16 21:03:31 -------- d-----w- c:\programme\ESET
      .
      ==================== Find3M ====================
      .
      2012-08-02 19:20:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-06-22 11:06:24 264 ----a-w- c:\windows\system32\srvblck5.tmp
      2012-06-13 13:55:14 1866240 ----a-w- c:\windows\system32\win32k.sys
      2012-06-05 15:49:30 1372672 ------w- c:\windows\system32\msxml6.dll
      2012-06-05 15:49:30 1172480 ----a-w- c:\windows\system32\msxml3.dll
      2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
      2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
      2012-06-02 13:19:38 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
      2012-06-02 13:19:38 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
      2012-06-02 13:19:34 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
      2012-06-02 13:19:28 23576 ----a-w- c:\windows\system32\wucltui.dll.mui
      2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
      2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
      2012-06-02 13:18:58 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
      2012-05-31 13:22:02 604160 ----a-w- c:\windows\system32\crypt32.dll
      1999-04-29 19:00:00 99840 ----a-w- c:\programme\gemeinsame dateien\IRAABOUT.DLL
      1999-04-29 19:00:00 70144 ----a-w- c:\programme\gemeinsame dateien\IRAMDMTR.DLL
      1999-04-29 19:00:00 48640 ----a-w- c:\programme\gemeinsame dateien\IRALPTTR.DLL
      1999-04-29 19:00:00 31744 ----a-w- c:\programme\gemeinsame dateien\IRAWEBTR.DLL
      1999-04-29 19:00:00 186368 ----a-w- c:\programme\gemeinsame dateien\IRAREG.DLL
      1999-04-29 19:00:00 17920 ----a-w- c:\programme\gemeinsame dateien\IRASRIAL.DLL
      .
      ============= FINISH: 0:51:59,65 ===============


      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume1
      Install Date: 31.08.2010 20:34:49
      System Uptime: 09.08.2012 23:07:41 (1 hours ago)
      .
      Motherboard: Acer | | Columbia
      Processor: Intel Pentium II-Prozessor | U2E1 | 2128/133mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (FAT32) - 75 GiB total, 37,431 GiB free.
      D: is FIXED (NTFS) - 75 GiB total, 18,29 GiB free.
      E: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      ==== System Restore Points ===================
      .
      .
      ==== Installed Programs ======================
      .
      Acer Empowering Technology
      Acer eNet Management
      Acer ePower Management
      Acer eSettings Management
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 11 Plugin
      Adobe Reader 9.5.1 - Deutsch
      Apple Application Support
      Apple Mobile Device Support
      Apple Software Update
      ArcSoft TotalMedia 3
      Broadcom Driver v4.170.25.12_Foxconn Installation Program
      Broadcom Gigabit Integrated Controller
      Broadcom Wireless LAN Driver 4.100.15.7_Negative_Foxconn
      CCleaner
      CompuApps SwissKnife V3
      Deutsche Geschichte
      EPSON-Drucker-Software
      ESET Online Scanner v3
      Express Rip
      Firebird SQL Server - MAGIX Edition
      FreePDF XP (Remove only)
      Google Chrome
      Google Earth
      Google Update Helper
      Google Updater
      GPL Ghostscript 8.63
      HDAUDIO Soft Data Fax Modem with SmartCP
      Hotfix für Windows XP (KB2443685)
      Hotfix für Windows XP (KB2570791)
      Hotfix für Windows XP (KB2633952)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      Hotfix for Windows XP (KB954550-v5)
      HP LaserJet Professional P1100-P1560-P1600 Series
      Hyplay
      iLivid
      Intel(R) Graphics Media Accelerator Driver
      Intel(R) PROSet/Wireless Software
      InterVideo WinDVD 7
      iTunes
      Java Auto Updater
      Java(TM) 6 Update 26
      LightScribe 1.4.56.1
      MAGIX 3D Maker (embeded)
      MAGIX Screenshare
      MAGIX Speed burnR
      MAGIX Video deluxe 16 Plus 9.0.0.54 (D)
      MAGIX Xtreme Foto Designer 6
      Malwarebytes Anti-Malware versión 1.62.0.1300
      mCore
      Micrografx Picture Publisher 8
      Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1 German Language Pack
      Microsoft .NET Framework 1.1 Security Update (KB2656353)
      Microsoft .NET Framework 1.1 Security Update (KB2656370)
      Microsoft .NET Framework 1.1 Security Update (KB979906)
      Microsoft .NET Framework 2.0 Service Pack 2
      Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
      Microsoft .NET Framework 3.0 Service Pack 2
      Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
      Microsoft .NET Framework 3.5 Language Pack SP1 - deu
      Microsoft .NET Framework 3.5 SP1
      Microsoft .NET Framework 4 Client Profile
      Microsoft .NET Framework 4 Client Profile DEU Language Pack
      Microsoft .NET Framework 4 Extended
      Microsoft .NET Framework 4 Extended DEU Language Pack
      Microsoft Compression Client Pack 1.0 for Windows XP
      Microsoft Internationalized Domain Names Mitigation APIs
      Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
      Microsoft National Language Support Downlevel APIs
      Microsoft Office 2000 Premium
      Microsoft Silverlight
      Microsoft User-Mode Driver Framework Feature Pack 1.0
      Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
      Microsoft XML Parser
      mMHouse
      Mozilla Firefox 13.0.1 (x86 es-ES)
      Mozilla Maintenance Service
      mPfMgr
      mProSafe
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      MSXML 4.0 SP2 Parser and SDK
      MSXML 6.0 Parser
      mWlsSafe
      Nero Suite
      phonostar-Player Version 2.01.4
      QuickTime
      RealPlayer
      Realtek High Definition Audio Driver
      RealUpgrade 1.0
      RedMon - Redirection Port Monitor
      Samplitude v6.04
      Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
      Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
      Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
      Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
      Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
      Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
      Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
      Sicherheitsupdate für Microsoft Windows (KB2564958)
      Sicherheitsupdate für Windows Internet Explorer 7 (KB2183461)
      Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)
      Sicherheitsupdate für Windows Internet Explorer 7 (KB982381)
      Sicherheitsupdate für Windows XP (KB2296199)
      Sicherheitsupdate für Windows XP (KB2393802)
      Sicherheitsupdate für Windows XP (KB2412687)
      Sicherheitsupdate für Windows XP (KB2419632)
      Sicherheitsupdate für Windows XP (KB2423089)
      Sicherheitsupdate für Windows XP (KB2436673)
      Sicherheitsupdate für Windows XP (KB2440591)
      Sicherheitsupdate für Windows XP (KB2443105)
      Sicherheitsupdate für Windows XP (KB2476490)
      Sicherheitsupdate für Windows XP (KB2476687)
      Sicherheitsupdate für Windows XP (KB2478960)
      Sicherheitsupdate für Windows XP (KB2478971)
      Sicherheitsupdate für Windows XP (KB2479628)
      Sicherheitsupdate für Windows XP (KB2479943)
      Sicherheitsupdate für Windows XP (KB2481109)
      Sicherheitsupdate für Windows XP (KB2483185)
      Sicherheitsupdate für Windows XP (KB2485376)
      Sicherheitsupdate für Windows XP (KB2485663)
      Sicherheitsupdate für Windows XP (KB2503658)
      Sicherheitsupdate für Windows XP (KB2503665)
      Sicherheitsupdate für Windows XP (KB2506212)
      Sicherheitsupdate für Windows XP (KB2506223)
      Sicherheitsupdate für Windows XP (KB2507618)
      Sicherheitsupdate für Windows XP (KB2507938)
      Sicherheitsupdate für Windows XP (KB2508272)
      Sicherheitsupdate für Windows XP (KB2508429)
      Sicherheitsupdate für Windows XP (KB2509553)
      Sicherheitsupdate für Windows XP (KB2510581)
      Sicherheitsupdate für Windows XP (KB2511455)
      Sicherheitsupdate für Windows XP (KB2524375)
      Sicherheitsupdate für Windows XP (KB2535512)
      Sicherheitsupdate für Windows XP (KB2536276-v2)
      Sicherheitsupdate für Windows XP (KB2536276)
      Sicherheitsupdate für Windows XP (KB2544893-v2)
      Sicherheitsupdate für Windows XP (KB2544893)
      Sicherheitsupdate für Windows XP (KB2555917)
      Sicherheitsupdate für Windows XP (KB2562937)
      Sicherheitsupdate für Windows XP (KB2566454)
      Sicherheitsupdate für Windows XP (KB2567053)
      Sicherheitsupdate für Windows XP (KB2567680)
      Sicherheitsupdate für Windows XP (KB2570222)
      Sicherheitsupdate für Windows XP (KB2570947)
      Sicherheitsupdate für Windows XP (KB2584146)
      Sicherheitsupdate für Windows XP (KB2585542)
      Sicherheitsupdate für Windows XP (KB2592799)
      Sicherheitsupdate für Windows XP (KB2598479)
      Sicherheitsupdate für Windows XP (KB2603381)
      Sicherheitsupdate für Windows XP (KB2618451)
      Sicherheitsupdate für Windows XP (KB2619339)
      Sicherheitsupdate für Windows XP (KB2620712)
      Sicherheitsupdate für Windows XP (KB2621440)
      Sicherheitsupdate für Windows XP (KB2624667)
      Sicherheitsupdate für Windows XP (KB2631813)
      Sicherheitsupdate für Windows XP (KB2633171)
      Sicherheitsupdate für Windows XP (KB2639417)
      Sicherheitsupdate für Windows XP (KB2641653)
      Sicherheitsupdate für Windows XP (KB2646524)
      Sicherheitsupdate für Windows XP (KB2647518)
      Sicherheitsupdate für Windows XP (KB2653956)
      Sicherheitsupdate für Windows XP (KB2655992)
      Sicherheitsupdate für Windows XP (KB2659262)
      Sicherheitsupdate für Windows XP (KB2660465)
      Sicherheitsupdate für Windows XP (KB2661637)
      Sicherheitsupdate für Windows XP (KB2676562)
      Sicherheitsupdate für Windows XP (KB2685939)
      Sicherheitsupdate für Windows XP (KB2686509)
      Sicherheitsupdate für Windows XP (KB2691442)
      Sicherheitsupdate für Windows XP (KB2695962)
      Sicherheitsupdate für Windows XP (KB2698365)
      Sicherheitsupdate für Windows XP (KB2707511)
      Sicherheitsupdate für Windows XP (KB2709162)
      Sicherheitsupdate für Windows XP (KB2718523)
      Sicherheitsupdate für Windows XP (KB2719985)
      Sicherheitsupdate für Windows XP (KB923789)
      Skype Click to Call
      Skype™ 5.9
      Spybot - Search & Destroy
      Switch Sound File Converter
      Texas Instruments PCIxx21/x515/xx12 drivers.
      TIPCI
      Trojancheck 6
      Update für Windows XP (KB2467659)
      Update für Windows XP (KB2541763)
      Update für Windows XP (KB2607712)
      Update für Windows XP (KB2616676)
      Update für Windows XP (KB2641690)
      Update für Windows XP (KB2718704)
      Update für Windows XP (KB971029)
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
      VLC media player 1.1.4
      WavePad Sound Editor
      WebFldrs XP
      Windows Genuine Advantage Notifications (KB905474)
      Windows Genuine Advantage Validation Tool (KB892130)
      Windows Management Framework Core
      Windows Media Format 11 runtime
      Windows Media Player 11
      Windows Media Player Firefox Plugin
      Windows XP Service Pack 3
      WinRAR
      XML Paper Specification Shared Components Language Pack 1.0
      .
      ==== End Of File ===========================

Let's see what you say. Cheers!
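As an added example (not code from the thread, from InfoSpyware or from the DDS tool), a small Python triage script over the kind of lines that appear in the Pseudo HJT section of the DDS log above, which is where the behaviour described in the first post (an entry that keeps coming back after deletion) shows up: it flags a start-up entry living in the Recycle Bin, a value name that looks machine-generated, and a start-up shortcut named ctfmon.lnk that actually launches rundll32.exe. The sample lines are constructed to mirror the log; the folder list, host-binary list and thresholds are assumptions of the example.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log (added example)."""
import math
import re
from collections import Counter
from typing import List, NamedTuple

# Constructed sample in the layout DDS uses; the three suspicious lines mirror
# the entries seen in the thread, the others are ordinary autoruns.
SAMPLE_LOG = r"""
uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [4Y3Y0C3A0F7W1W5WQQXFRQ] c:\recycle.bin\B6232F3AC28.exe
StartupFolder: c:\dokume~1\-\startm~1\progra~1\autost~1\ctfmon.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
"""

RUN_RE = re.compile(r'^(?P<hive>[umd]Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$')
STARTUP_RE = re.compile(r'^StartupFolder:\s*(?P<lnk>.+?\.lnk)\s*-\s*(?P<target>.+)$', re.IGNORECASE)

# Folders a legitimate autorun has no business living in (assumed list).
SUSPECT_DIRS = ('\\recycle.bin\\', '\\recycler\\', '\\temp\\', '\\tmp\\', '%temp%')
# Windows host binaries a start-up shortcut should not point at (assumed list).
HOST_BINARIES = {'rundll32.exe', 'regsvr32.exe', 'mshta.exe', 'wscript.exe', 'cscript.exe'}


class Finding(NamedTuple):
    source: str        # uRun / mRun / dRun or StartupFolder
    label: str         # registry value name or shortcut file name
    path: str          # what the entry launches
    reasons: List[str]


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum((n / len(s)) * math.log2(n / len(s)) for n in counts.values())


def looks_random(name: str) -> bool:
    """Heuristic for machine-generated value names such as 4Y3Y0C3A0F7W1W5WQQXFRQ:
    12+ alphanumerics, a real mix of letters and digits, high entropy (assumed thresholds)."""
    digits = sum(c.isdigit() for c in name)
    letters = sum(c.isalpha() for c in name)
    return (len(name) >= 12 and name.isalnum() and digits >= 4 and letters >= 4
            and shannon_entropy(name.upper()) >= 3.0)


def exe_from_command(cmd: str) -> str:
    """Return the executable path from a command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: take everything up to the extension.
    m = re.match(r'^(.*?\.(?:exe|com|dll|scr|pif))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def check_run_entry(name: str, cmd: str) -> List[str]:
    reasons = []
    if any(d in exe_from_command(cmd).lower() for d in SUSPECT_DIRS):
        reasons.append('launches from a temp or recycle-bin folder')
    if looks_random(name):
        reasons.append('value name looks machine-generated')
    return reasons


def check_startup_shortcut(lnk: str, target: str) -> List[str]:
    reasons = []
    lnk_name = lnk.rsplit('\\', 1)[-1]
    base = target.strip().lower().rsplit('\\', 1)[-1]
    if base in HOST_BINARIES:
        reasons.append(f'shortcut {lnk_name} runs {base} instead of a program')
    if any(d in target.lower() for d in SUSPECT_DIRS):
        reasons.append('launches from a temp or recycle-bin folder')
    return reasons


def triage(report: str) -> List[Finding]:
    """Scan Pseudo-HJT lines and return the entries worth a second look."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            reasons = check_run_entry(m['name'], m['cmd'])
            if reasons:
                findings.append(Finding(m['hive'], m['name'], exe_from_command(m['cmd']), reasons))
            continue
        m = STARTUP_RE.match(line)
        if m:
            reasons = check_startup_shortcut(m['lnk'], m['target'])
            if reasons:
                findings.append(Finding('StartupFolder', m['lnk'].rsplit('\\', 1)[-1],
                                        m['target'].strip(), reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.source:14} {f.label:26} {f.path}')
        for r in f.reasons:
            print(f'    - {r}')
```

Run against a real DDS.txt, the script only narrows the list; an entry it flags still has to be confirmed by the helper before anything is removed.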

#4
Ex-Collaborator: Zackrated
Joined: Aug 2009
Location: León, México
Posts: 7,932

Re: Trojan.Ransom.Gen virus cannot be removed

Hi

Please carry out the following steps in order. It is recommended that you read them first and then run them.

STEP 1

Download OTL.exe to your desktop.

Recommendations:

If you cannot run it, download the following version with a different extension:
OTL.com

STEP 2

Double-click the OTL.exe tool (or OTL.com) to run the application.

Before running the scan you need to set the scan conditions, so do the following in the OTL window:

1. In the Processes, Modules, Services, Drivers, Standard Registry and Extra Registry sections, Use Minimal List must be selected
2. Tick the Scan All box
3. Scan type: the Full Output box must be selected
4. Files Created and Files Modified: the File Age boxes must be ticked
5. Copy and paste the following text into the Custom Scans / Fixes area. (Excluding the word Code)


Code:
      netsvcs
      msconfig
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.*
      %appdata%\*
      CREATERESTOREPOINT

STEP 3

Press the Run Scan button and wait for the process to finish. When it is done, two reports will be created:
• OTL.txt
• Extra.txt

In your next reply paste the contents of the OTL.txt report. Leave the Extra.txt report on your desktop; you will be asked for it if needed.

Attention!! Do not use OTL unless a member of our Staff has specifically told you to in your thread.


#5
User: Torcas
Joined: Jan 2012
Location: Berlin
Posts: 27

Re: Trojan.Ransom.Gen virus cannot be removed

Hi, here is the report:
      OTL logfile created on: 12.08.2012 11:39:47 - Run 3
      OTL by OldTimer - Version 3.2.57.0 Folder = C:\Dokumente und Einstellungen\-\Desktop
      Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

      1014,36 Mb Total Physical Memory | 503,57 Mb Available Physical Memory | 49,64% Memory free
      2,39 Gb Paging File | 1,85 Gb Available in Paging File | 77,73% Paging File free
      Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
      Drive C: | 74,50 Gb Total Space | 37,11 Gb Free Space | 49,82% Space Free | Partition Type: FAT32
      Drive D: | 74,52 Gb Total Space | 18,15 Gb Free Space | 24,35% Space Free | Partition Type: NTFS

      Computer Name: CARLOS | User Name: - | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - [2012.08.12 11:27:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\-\Desktop\OTL.exe
      PRC - [2012.06.19 00:31:58 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
      PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
      PRC - [2012.01.21 00:34:28 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Dokumente und Einstellungen\-\Lokale Einstellungen\temp\RtkBtMnt.exe
      PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
      PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      PRC - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
      PRC - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
      PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
      PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
      PRC - [2007.07.12 11:36:40 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
      PRC - [2007.07.04 11:44:00 | 000,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
      PRC - [2005.11.15 15:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
      PRC - [2001.08.09 02:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe


      ========== Modules (No Company Name) ==========

      MOD - [2012.08.02 21:20:40 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
      MOD - [2012.06.19 00:31:56 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
      MOD - [2012.06.14 09:25:10 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_d5925bf1\system.drawing.dll
      MOD - [2012.06.14 09:24:56 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ee477309\system.windows.forms.dll
      MOD - [2012.06.14 09:24:26 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
      MOD - [2012.01.12 11:45:30 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3e2ae58a\mscorlib.dll
      MOD - [2012.01.12 11:45:02 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_68a4a012\system.xml.dll
      MOD - [2012.01.12 11:44:26 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b9ae3989\system.dll
      MOD - [2012.01.12 11:44:06 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
      MOD - [2012.01.12 11:44:04 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
      MOD - [2010.09.04 18:53:06 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
      MOD - [2010.09.04 18:53:04 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
      MOD - [2010.09.04 18:53:04 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
      MOD - [2010.09.04 18:50:12 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
      MOD - [2010.03.04 16:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
      MOD - [2010.03.04 16:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
      MOD - [2008.02.25 22:23:10 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
      MOD - [2007.12.11 11:35:28 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll
      MOD - [2007.07.20 15:31:26 | 001,376,256 | ---- | M] () -- c:\Acer\Empowering Technology\eNet\eNet.dll
      MOD - [2007.07.04 11:44:00 | 000,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
      MOD - [2007.02.21 11:13:02 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
      MOD - [2005.10.20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
      MOD - [2005.10.11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll


      ========== Win32 Services (SafeList) ==========

      SRV - File not found [On_Demand | Unknown] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd)
      SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
      SRV - [2012.08.02 21:20:44 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
      SRV - [2012.06.19 00:31:56 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
      SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
      SRV - [2012.04.05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
      SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
      SRV - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
      SRV - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
      SRV - [2008.08.07 1102 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
      SRV - [2005.11.15 15:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
      SRV - [2001.08.09 02:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


      ========== Driver Services (SafeList) ==========

      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
      DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
      DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
      DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
      DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
      DRV - [2010.07.07 14:12:24 | 000,306,816 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
      DRV - [2010.03.06 01:40:58 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
      DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
      DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
      DRV - [2007.12.10 17:59:36 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
      DRV - [2007.12.10 17:59:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
      DRV - [2007.12.10 17:59:34 | 000,014,120 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
      DRV - [2007.09.20 21:26:48 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
      DRV - [2007.05.30 14:04:56 | 004,424,192 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
      DRV - [2007.05.01 20:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
      DRV - [2007.02.21 11:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
      DRV - [2007.02.16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
      DRV - [2006.12.22 04:56:44 | 000,988,800 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
      DRV - [2006.12.22 04:56:00 | 000,209,664 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
      DRV - [2006.12.22 04:55:56 | 000,730,112 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
      DRV - [2005.04.07 18:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
      DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
      DRV - [2004.07.19 1300 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
      DRV - [2001.08.23 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
      DRV - [2001.08.23 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
      DRV - [2001.07.13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


      IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-583907252-1682526488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
      IE - HKU\S-1-5-21-583907252-1682526488-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKU\S-1-5-21-583907252-1682526488-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKU\S-1-5-21-583907252-1682526488-839522115-1003\..\SearchScopes\{9FA53124-C1BB-48B0-A441-5CEB0594A013}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=
      IE - HKU\S-1-5-21-583907252-1682526488-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
      IE - HKU\S-1-5-21-583907252-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S-1-5-21-583907252-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultenginename: "Search Results"
      FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
      FF - prefs.js..browser.search.order.1: "Search Results"
      FF - prefs.js..browser.search.selectedEngine: "Google"
      FF - prefs.js..browser.search.update: false
      FF - prefs.js..browser.search.useDBForOrder: true
      FF - prefs.js..browser.startup.homepage: "about:home"
      FF - prefs.js..extensions.enabledItems: [email protected]:1.0
      FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
      FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
      FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="
      FF - prefs.js..network.proxy.http: "127.0.0.1"
      FF - prefs.js..network.proxy.http_port: 54667


      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
      FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Programme\Veetle\VLCBroadcast\npvbp.dll File not found
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.14 12:50:00 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\13001.008 [2012.06.22 13:06:44 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008.12.10 16:43:32 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.12.10 16:43:32 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\13001.008 [2012.06.22 13:06:44 | 000,000,000 | ---D | M]

      [2008.12.10 22:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\-\Anwendungsdaten\Mozilla\Extensions
      [2008.12.10 22:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\-\Anwendungsdaten\Mozilla\Firefox\Profiles\cmglls5g.default\extensions
      [2011.11.09 15:39:22 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Dokumente und Einstellungen\-\Anwendungsdaten\Mozilla\Firefox\Profiles\cmglls5g.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
      [2009.08.05 12:42:32 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\-\Anwendungsdaten\Mozilla\Firefox\Profiles\cmglls5g.default\searchplugins\winamp-search.xml
      [2011.11.09 15:39:16 | 000,002,519 | ---- | M] () -- C:\Dokumente und Einstellungen\-\Anwendungsdaten\Mozilla\Firefox\Profiles\cmglls5g.default\searchplugins\SearchResults.xml
      [2008.12.10 16:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
      [2012.04.12 17:32:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
      [2011.10.30 11:20:56 | 000,434,392 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\-\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\CMGLLS5G.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
      [2010.11.25 22:21:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
      [2012.06.22 13:06:44 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\WINDOWS\SYSTEM32\13001.008
      [2012.06.19 00:31:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
      [2011.05.04 04:52:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
      [2010.09.28 17:14:06 | 000,002,040 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
      [2012.02.16 11:48:02 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
      [2012.02.16 12:22:48 | 000,003,996 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\drae.xml
      [2012.02.16 12:22:48 | 000,001,143 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-es.xml
      [2012.02.16 11:48:02 | 000,002,040 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\twitter.xml
      [2012.02.16 12:22:48 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012.02.16 12:22:48 | 000,001,102 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - homepage: http://www.searchqu.com/406
      CHR - default_search_provider: Bing (Enabled)
      CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=de-DE&q={searchTerms}
      CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
      CHR - homepage: http://www.searchqu.com/406
      CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\21.0.1180.75\pdf.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
      CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
      CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
      CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
      CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
      CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll
      CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
      CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
      CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
      CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
      CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
      CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
      CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
      CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
      CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
      CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
      CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll
      CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
      CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll
      CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
      CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
      CHR - Extension: Skype Click to Call = C:\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\

      O1 HOSTS File: ([2012.01.21 12:15:44 | 000,439,490 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: 127.0.0.1 www.007guard.com
      O1 - Hosts: 127.0.0.1 007guard.com
      O1 - Hosts: 127.0.0.1 008i.com
      O1 - Hosts: 127.0.0.1 www.008k.com
      O1 - Hosts: 127.0.0.1 008k.com
      O1 - Hosts: 127.0.0.1 www.00hq.com
      O1 - Hosts: 127.0.0.1 00hq.com
      O1 - Hosts: 127.0.0.1 010402.com
      O1 - Hosts: 127.0.0.1 www.032439.com
      O1 - Hosts: 127.0.0.1 032439.com
      O1 - Hosts: 127.0.0.1 www.0scan.com
      O1 - Hosts: 127.0.0.1 0scan.com
      O1 - Hosts: 127.0.0.1 1000gratisproben.com
      O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
      O1 - Hosts: 127.0.0.1 1001namen.com
      O1 - Hosts: 127.0.0.1 www.1001namen.com
      O1 - Hosts: 127.0.0.1 100888290cs.com
      O1 - Hosts: 127.0.0.1 www.100888290cs.com
      O1 - Hosts: 127.0.0.1 www.100sexlinks.com
      O1 - Hosts: 127.0.0.1 100sexlinks.com
      O1 - Hosts: 127.0.0.1 10sek.com
      O1 - Hosts: 127.0.0.1 www.10sek.com
      O1 - Hosts: 127.0.0.1 www.1-2005-search.com
      O1 - Hosts: 127.0.0.1 1-2005-search.com
      O1 - Hosts: 15137 more lines...
      O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
      O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
      O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
      O3 - HKU\S-1-5-21-583907252-1682526488-839522115-1003\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
      O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
      O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
      O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
      O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE File not found
      O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
      O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
      O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_16_Plus\Trayserver.exe (MAGIX AG)
      O4 - HKU\.DEFAULT..\Run: [4Y3Y0C3A0F7W1W5WQQXFRQ] C:\Recycle.Bin\B6232F3AC28.exe File not found
      O4 - HKU\S-1-5-18..\Run: [4Y3Y0C3A0F7W1W5WQQXFRQ] C:\Recycle.Bin\B6232F3AC28.exe File not found
      O4 - HKU\S-1-5-21-583907252-1682526488-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
      O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-21-583907252-1682526488-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-21-583907252-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKU\S-1-5-21-583907252-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
      O7 - HKU\S-1-5-21-583907252-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283277826469 (MUWebControl Class)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
      O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
      O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
      O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
      O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
      O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2008.12.10 01:06:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
      O32 - AutoRun File - [2012.06.13 20:30:52 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

      NetSvcs: 6to4 - File not found
      NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
      NetSvcs: Ias - File not found
      NetSvcs: Iprip - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: WmdmPmSp - File not found

      MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^EPSON Status Monitor 3 Environment Check 2.lnk - - File not found
      MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk - C:\Programme\Common\Bin\WinCinemaMgr.exe - (InterVideo Inc.)
      MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
      MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
      MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
      MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
      MsConfig - StartUpReg: AzMixerSel - hkey= - key= - C:\Programme\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
      MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
      MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
      MsConfig - StartUpReg: Google Updater - hkey= - key= - C:\Programme\Google\Google Updater\GoogleUpdater.exe (Google)
      MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
      MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
      MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
      MsConfig - StartUpReg: NBJ - hkey= - key= - C:\Programme\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
      MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
      MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
      MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
      MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
      MsConfig - State: "system.ini" - 0
      MsConfig - State: "win.ini" - 0
      MsConfig - State: "bootini" - 0
      MsConfig - State: "services" - 0
      MsConfig - State: "startup" - 2

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012.08.12 11:27:40 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\-\Desktop\OTL.exe
      [2012.08.09 11:40:37 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\-\Recent
      [2012.07.26 14:32:11 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
      [2012.07.20 12:45:40 | 000,000,000 | -HSD | C] -- C:\FOUND.006
      [2012.07.17 23:50:01 | 000,036,864 | ---- | C] (NirSoft) -- C:\WINDOWS\nircmd.exe
      [2012.07.16 23:03:31 | 000,000,000 | ---D | C] -- C:\Programme\ESET
      [1999.04.29 21:00:00 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRAREG.DLL
      [1999.04.29 21:00:00 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Programme\Gemeinsame Dateien\IRAABOUT.DLL
      [1999.04.29 21:00:00 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRAMDMTR.DLL
      [1999.04.29 21:00:00 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRALPTTR.DLL
      [1999.04.29 21:00:00 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRAWEBTR.DLL
      [1999.04.29 21:00:00 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Programme\Gemeinsame Dateien\IRASRIAL.DLL
      [34 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
      [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2012.08.12 11:32:12 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2012.08.12 11:27:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\-\Desktop\OTL.exe
      [2012.08.12 11:24:18 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1682526488-839522115-1003.job
      [2012.08.12 11:24:14 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1682526488-839522115-1003.job
      [2012.08.12 11:24:06 | 000,002,444 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2012.08.12 11:23:22 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2012.08.12 11:23:18 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
      [2012.08.12 11:23:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2012.08.12 11:23:02 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
      [2012.08.12 11:19:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
      [2012.08.10 22:31:02 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1682526488-839522115-1003Core1cd62c82988fe3c.job
      [2012.08.10 09:34:22 | 000,002,236 | ---- | M] () -- C:\Dokumente und Einstellungen\-\Desktop\Google Chrome.lnk
      [2012.08.09 23:05:40 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ldsw_0paos.pad
      [2012.08.07 13:59:06 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
      [2012.08.04 18:35:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [2012.08.02 21:20:42 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
      [2012.08.02 21:20:40 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
      [2012.08.01 18:57:16 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
      [2012.07.27 17:39:30 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
      [2012.07.24 08:43:18 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
      [2012.07.16 18:46:12 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\to_r0tsef.pad
      [34 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
      [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2012.08.08 16:39:32 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ldsw_0paos.pad
      [2012.07.27 17:39:27 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
      [2012.07.27 17:39:27 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
      [2012.07.26 14:32:12 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
      [2012.07.24 08:43:16 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
      [2012.07.17 23:50:01 | 000,069,660 | ---- | C] () -- C:\WINDOWS\Fart.exe
      [2012.07.17 23:50:01 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Colous.exe
      [2012.07.16 1426 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\to_r0tsef.pad
      [2012.07.15 22:26:49 | 000,001,142 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1682526488-839522115-1003Core1cd62c82988fe3c.job
      [2012.02.15 22:43:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
      [2012.01.20 09:16:46 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\{C35C9784-6C53-47B3-81E9-4353AC983CA9}
      [2011.04.03 15:26:33 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
      [2011.04.03 15:26:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
      [2011.04.03 15:26:02 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\mvusbews.dll
      [2011.04.03 15:25:58 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
      [2011.04.03 15:25:51 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
      [2011.03.23 14:32:56 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
      [2010.11.26 18:03:52 | 000,001,800 | ---- | C] () -- C:\Dokumente und Einstellungen\-\aseinactive.dat
      [2010.09.06 20:03:35 | 000,303,616 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
      [2010.09.06 20:03:35 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
      [2010.09.04 19:58:08 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
      [2010.09.04 19:31:35 | 000,888,832 | ---- | C] () -- C:\WINDOWS\System32\WirelessMgr.dll
      [2010.09.04 18:36:46 | 000,000,134 | ---- | C] () -- C:\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
      [2010.09.04 14:28:15 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
      [2010.09.04 14:28:15 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
      [2010.09.04 14:28:15 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
      [2010.08.31 20:18:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
      [2010.08.31 18:36:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
      [2009.07.18 10:55:32 | 000,000,079 | ---- | C] () -- C:\Dokumente und Einstellungen\-\default.pls
      [2009.03.22 00:28:11 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

      ========== LOP Check ==========

      [2008.12.10 02:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Broadcom
      [2009.04.02 21:02:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{92E7A367-8E12-4830-AA70-29C32E331A81}
      [2010.11.25 19:26:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
      [2010.12.14 16:48:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      [2011.03.23 14:33:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
      [2011.11.09 15:39:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
      [2011.11.09 15:39:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{08E30618-5D06-461B-BBD3-4ADFB0810824}
      [2008.12.11 11:41:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\-\Anwendungsdaten\InterVideo
      [2009.01.02 14:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\-\Anwendungsdaten\phonostar-Player
      [2009.08.16 20:53:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\-\Anwendungsdaten\FileZilla
      [2010.04.29 16:16:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\-\Anwendungsdaten\CoSoSys
      [2010.11.13 13:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\-\Anwendungsdaten\OpenOffice.org
      [2010.11.25 19:26:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\-\Anwendungsdaten\NCH Swift Sound
      [2011.03.23 15:18:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\-\Anwendungsdaten\MAGIX
      [2011.01.20 19:03:18 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\expressripDowngrade.job
      [2011.01.20 19:03:18 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\expressripShakeIcon.job
      [2012.07.24 08:43:18 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
      [2012.06.13 19:42:30 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadDowngrade.job
      [2012.06.13 19:42:32 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %systemroot%\System32\config\*.sav >
      [2010.08.31 20:25:26 | 018,960,384 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
      [2010.08.31 20:25:26 | 004,980,736 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
      [2010.08.31 20:25:26 | 000,413,696 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
      [2010.08.24 11:57:58 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav

      < %SYSTEMDRIVE%\*.* >
      [2008.12.10 00:50:42 | 000,000,512 | -HS- | M] () -- C:\bootsect.dos
      [2008.12.10 01:06:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
      [2008.12.10 01:06:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
      [2008.12.10 01:06:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
      [2008.12.10 01:06:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
      [2012.08.12 11:23:02 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
      [2012.08.12 11:23:02 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
      [2004.08.03 23:00:10 | 000,262,448 | RHS- | M] () -- C:\cmldr
      [2012.01.16 0348 | 000,000,245 | ---- | M] () -- C:\Boot.bak
      [2012.01.21 00:05:44 | 000,015,117 | ---- | M] () -- C:\ComboFix.txt
      [2012.07.17 23:55:56 | 000,054,329 | ---- | M] () -- C:\AT-Destroyer.txt
      [2012.07.25 02:00:24 | 000,006,436 | ---- | M] () -- C:\drwtsn32.log
      [2008.12.10 02:14:00 | 000,000,007 | ---- | M] () -- C:\ISACER.id
      [2010.02.08 14:03:12 | 000,000,000 | RHS- | M] () -- C:\khu
      [2010.02.10 18:11:40 | 000,000,000 | RHS- | M] () -- C:\khw
      [2001.08.23 12:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
      [2010.08.31 21:12:00 | 000,251,712 | RHS- | M] () -- C:\ntldr
      [2010.08.31 20:24:46 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
      [2012.01.20 22:23:04 | 000,000,355 | RHS- | M] () -- C:\boot.ini

      < %appdata%\* >
      [2008.12.10 00:53:44 | 000,000,062 | -HS- | M] () -- C:\Dokumente und Einstellungen\-\Anwendungsdaten\desktop.ini

      < End of report >

      many thanks, and let me know how to proceed.
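
      As an added triage helper (not code from the thread, from OTL or from InfoSpyware), the following Python parses the O4 Run and O20 Winlogon lines of an OTL report like the one above and flags entries that deviate from the Windows XP defaults, point at missing files, or run from user-writable folders; the sample lines are constructed, with the SID shortened to a placeholder and the "Updater" entry invented to show a hit.

```python
import re
from typing import Dict, List, Tuple

# Windows XP defaults for the two Winlogon values OTL reports as O20 lines.
# Anything else (including a second program appended after explorer.exe)
# redirects the logon sequence, which is how a lock screen can appear first.
WINLOGON_DEFAULTS: Dict[str, str] = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe",
}

# Folders a non-admin user can write to (German and English XP names); a Run
# entry pointing here is not proof of infection, only a reason to look closer.
USER_WRITABLE = ("\\anwendungsdaten\\", "\\application data\\",
                 "\\lokale einstellungen\\", "\\local settings\\", "\\temp\\")

O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
O20_WINLOGON = re.compile(r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>.*?)\) - ")
COMPANY_SUFFIX = re.compile(r"^(?P<target>.*?)(?: \((?P<company>[^()]*)\))?$")


def check_winlogon(key: str, value: str) -> str:
    """Reason string if a Winlogon value is not the XP default, else ''."""
    norm = value.strip().rstrip(",").lower()  # a genuine UserInit value ends in ','
    expected = WINLOGON_DEFAULTS[key.lower()]
    return "" if norm == expected else f"{key} is '{value}', expected '{expected}'"


def check_run_entry(target: str, company: str) -> str:
    """Heuristics for one O4 Run entry: dangling target, user-writable path, unnamed binary."""
    low = target.lower()
    if "file not found" in low:
        return "target missing (dangling autorun)"
    if any(frag in low for frag in USER_WRITABLE):
        return "runs from a user-writable folder"
    if not company:
        return "binary carries no company name"
    return ""


def triage(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Walk OTL output; return (section, entry, reason) for entries worth a second look."""
    findings: List[Tuple[str, str, str]] = []
    for raw in lines:
        line = raw.strip()
        m = O20_WINLOGON.match(line)
        if m:
            reason = check_winlogon(m["key"], m["value"])
            if reason:
                findings.append(("O20", m["key"], reason))
            continue
        m = O4_RUN.match(line)
        if m:
            parts = COMPANY_SUFFIX.match(m["rest"])
            reason = check_run_entry(parts["target"], parts["company"] or "")
            if reason:
                findings.append(("O4", m["name"], reason))
    return findings


# Constructed sample in OTL's line format: the TeaTimer and both O20 lines
# mirror the report above (SID replaced by a placeholder); "Updater" is invented.
SAMPLE_OTL = r"""
O4 - HKU\S-1-5-21-PLACEHOLDER-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-PLACEHOLDER-1003..\Run: [Updater] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xk3_q.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for section, entry, reason in triage(SAMPLE_OTL.splitlines()):
        print(f"{section:<4}{entry:<20}{reason}")
```

      Run over the full report, only the "Updater" entry is reported for this sample; a Shell value such as "Explorer.exe, C:\...\something.exe" would be reported as well.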

    6. #6
      Ex-Collaborator Zackrated
      Registered
      Aug 2009
      Location
      León, México
      Posts
      7,932

      Re: Trojan.Ransom.Gen virus cannot be removed

      Hello

      Please be patient while we review the OTL report and I prepare a reply

      IMPORTANT:

      • Do NOT run other antivirus/antimalware tools. You may, however, turn your antivirus back on

      • Do NOT run OTL

        Until I come back with a reply

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    7. #7
      User Torcas
      Registered
      Jan 2012
      Location
      Berlin
      Posts
      27

      Re: Trojan.Ransom.Gen virus cannot be removed

      Hello Zackrated, thanks in advance.
      I'll wait for news, then.

    8. #8
      Ex-Collaborator Zackrated
      Registered
      Aug 2009
      Location
      León, México
      Posts
      7,932

      Re: Trojan.Ransom.Gen virus cannot be removed

      Hello

      Please follow the steps in this guide: Eliminar Virus de la Policía (Ransomware)

      Let us know the results


    9. #9
      User Torcas
      Registered
      Jan 2012
      Location
      Berlin
      Posts
      27

      Re: Trojan.Ransom.Gen virus cannot be removed

      Zackrated, look. I try to get into safe mode, but the dark screen like the one you show me in the example never appears; so I can't type the word DISKPART and the others. I also don't know how to get into those "commands". I don't know what you mean?? Can't I try to download polifix directly to my desktop and run the scan from there??
      Is there a less technical guide for clueless users? Please, one more bit of help or a tip, thanks!

    10. #10
      User Torcas
      Registered
      Jan 2012
      Location
      Berlin
      Posts
      27

      Re: Trojan.Ransom.Gen virus cannot be removed

      Thread closed, problem solved, many thanks, and forgive (the silly questions) ha!