Log Analysis and Evaluation: BKA Ucash Trojan?, safe mode works, OTL logs created (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.06.2012, 14:59 | #1
BKA Ucash Trojan?, safe mode works, OTL logs created

Help. User with hardly any clue. On top of that, the operating system is in Spanish... I have probably caught the BKA trojan. Following your help guide, I downloaded OTL on a second device, then created the 2 logs and, as you suggested, replaced my name everywhere with XXX. I don't dare do more on my own. (My PC also has various other quirks - error messages about programs that are no longer installed, etc. My visitor is supposed to sort all of that out when he comes by soon. But it is only annoying and doesn't really get in the way, because everything still works (error messages from babylon, incredimail, etc. - please just ignore them). Here now are the two log files:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 11.06.2012 14:19:32 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\xxx\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Alemania | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 83,85% Memory free 5,70 Gb Paging File | 5,45 Gb Available in Paging File | 95,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,30 Gb Total Space | 29,21 Gb Free Space | 20,24% Space Free | Partition Type: NTFS Drive D: | 144,03 Gb Total Space | 125,73 Gb Free Space | 87,29% Space Free | Partition Type: NTFS Drive F: | 3,72 Gb Total Space | 3,72 Gb Free Space | 99,96% Space Free | Partition Type: FAT32 Computer Name: XXX | User Name: XXX | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Archivos de programa\WinRAR\RarExt.dll () ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Archivos de programa\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (SkypeUpdate) -- C:\Archivos de programa\Skype\Updater\Updater.exe (Skype Technologies) SRV - (sesvc) -- C:\Archivos de programa\ShadowExplorer\sesvc.exe (www.shadowexplorer.com) SRV - (Symantec Core LC) -- C:\Archivos de programa\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (LiveUpdate) -- C:\Archivos de programa\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Programador de LiveUpdate automático) -- C:\Archivos de programa\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) 
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe () SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe () SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe () SRV - (ISPwdSvc) -- c:\Archivos de programa\Norton Internet Security\isPwdSvc.exe (Symantec Corporation) SRV - (odserv) -- C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (LiveUpdate Notice Ex) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (comHost) -- c:\Archivos de programa\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation) SRV - (SymAppCore) -- c:\Archivos de programa\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (NAVEX15) -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080823.004\NAVEX15.SYS File not found DRV - (NAVENG) -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080823.004\NAVENG.SYS File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - 
(avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMNDISV) -- C:\Windows\System32\drivers\symndisv.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation) DRV - (SYMFW) -- C:\Windows\System32\drivers\symfw.sys (Symantec Corporation) DRV - (SYMIDS) -- C:\Windows\System32\drivers\symids.sys (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation) DRV - (SYMDNS) -- C:\Windows\System32\drivers\symdns.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Archivos de programa\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Archivos de programa\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080813.001\IDSvix86.sys (Symantec Corporation) DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) 
DRV - (SPBBCDrv) -- C:\Archivos de programa\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fuerteventura-live.de/forum/index.php?page=Portal IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_es IE - HKCU\..\SearchScopes\{C58ADC0E-B2F8-44CD-B30D-26AAAAD4C535}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=19em3Mi3IF0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = gussander wireless ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=de_ES" FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.2 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: 
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: {990af1c2-5a27-4460-8149-ecc6bc122af3}:3.8.1.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=de_ES&apn_uid=7b878d1a-56fe-44df-a154-4742cb37438b&apn_ptnrs=%5EABZ&apn_sauid=C05B9C42-F1E4-4C0B-B7C1-B8D980BA02ED&apn_dtid=%5EYYYYYY%5EYY%5EES&&q=" FF - prefs.js..network.proxy.autoconfig_url: "gussander wireless" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.25 18:54:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.15 13:16:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.15 13:16:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.25 18:54:05 | 000,000,000 | ---D | M] [2009.01.28 20:52:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanja Kaiser\AppData\Roaming\mozilla\Extensions [2012.06.10 15:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanja Kaiser\AppData\Roaming\mozilla\Firefox\Profiles\lki1hxt3.default\extensions [2009.08.16 23:16:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lki1hxt3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.23 13:36:56 | 000,000,000 | ---D | M] (IncrediMail MediaBar Deutsch 2 Community Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lki1hxt3.default\extensions\{990af1c2-5a27-4460-8149-ecc6bc122af3} [2011.02.13 00:06:02 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\lki1hxt3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.01.28 20:23:16 | 000,000,000 | ---D | M] (Babylon) -- 
C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\lki1hxt3.default\extensions\ffxtlbr@babylon.com [2011.12.23 13:34:19 | 000,002,187 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\lki1hxt3.default\searchplugins\MyStart Search.xml [2011.11.04 20:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions [2011.11.04 20:00:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Archivos de programa\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.05.22 09:44:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.25 18:54:05 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 [2011.11.04 20:00:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2009.05.14 18:43:18 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009.08.31 09:47:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2010.01.08 11:11:28 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.05.22 09:44:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.08 12:29:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.01.28 20:26:56 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.03.08 12:29:09 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.03.08 12:29:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.08 12:29:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.08 12:29:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\PROGRAM FILES\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\PROGRAM FILES\Mozilla Firefox\plugins\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program 
Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Avira Toolbar = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.1.0_0\ CHR - Extension: Skype Click to Call = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Archivos de programa\vShare\vshare_toolbar.dll () O2 - BHO: (Reg Error: Value error.) 
- {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Archivos de programa\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation) O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll File not found O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Archivos de programa\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Archivos de programa\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll File not found O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Archivos de programa\vShare\vshare_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) O4 - HKLM..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" /md I File not found O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google) O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [PCMService] C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Acer Tour Reminder] File not found O4 - HKCU..\Run: [dwyjifuyohdqees] C:\ProgramData\dwyjifuy.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Tanja Kaiser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Interaktive Sprachreise - Español Newsfeed.lnk = C:\Archivos de programa\digital publishing\FEEDS_12_999999\dpFeeds.exe (digital publishing AG) O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Tanja Kaiser\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 
Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6A73DA6-1DB2-44E6-B93F-59146DE071B8}: DhcpNameServer = 80.58.61.250 80.58.61.254 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole 
DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Archivos de programa\vShare\vshare_toolbar.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{17409aa1-3d7b-11dd-87c3-001c2531cfc5}\Shell\AutoRun\command - "" = F:\wyskq6lt.exe O33 - 
MountPoints2\{17409aa1-3d7b-11dd-87c3-001c2531cfc5}\Shell\open\Command - "" = F:\wyskq6lt.exe O33 - MountPoints2\{aca242fc-5db9-11df-a329-001c2531cfc5}\Shell - "" = AutoRun O33 - MountPoints2\{aca242fc-5db9-11df-a329-001c2531cfc5}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.11 14:18:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2012.06.11 14:12:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\www.shadowexplorer.com [2012.06.11 14:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer [2012.06.11 14:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowExplorer [2012.06.11 01:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\odurojddncaxkjo [2012.05.28 14:00:18 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira [2012.05.28 13:58:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\AskToolbar [2012.05.28 13:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.05.28 13:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.05.28 13:53:58 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\APN [2012.05.28 13:53:46 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.05.28 13:53:46 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.05.28 13:53:46 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.05.28 13:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira 
[2012.05.28 13:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [11 C:\Users\Tanja Kaiser\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.11 14:15:41 | 000,662,734 | ---- | M] () -- C:\Windows\System32\perfh00A.dat [2012.06.11 14:15:41 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.11 14:15:41 | 000,130,586 | ---- | M] () -- C:\Windows\System32\perfc00A.dat [2012.06.11 14:15:41 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.11 14:12:28 | 000,001,686 | ---- | M] () -- C:\Users\xxx\Desktop\ShadowExplorer.lnk [2012.06.11 14:11:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.11 13:46:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.11 13:42:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.11 13:42:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.11 13:42:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.11 13:34:56 | 000,007,944 | ---- | M] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat [2012.06.11 01:54:33 | 000,000,052 | ---- | M] () -- C:\ProgramData\utucpjauvqmcwtg [2012.06.11 01:53:32 | 000,053,248 | ---- | M] () -- C:\ProgramData\ydeaneri.exe [2012.06.11 01:53:32 | 000,053,248 | ---- | M] () -- C:\ProgramData\rsivjdvt.exe [2012.06.11 01:53:32 | 000,053,248 | ---- | M] () -- C:\ProgramData\dwyjifuy.exe [2012.06.11 01:53:32 | 000,053,248 | ---- | M] () -- C:\Users\xxx\0.8990687729177202.exe [2012.06.10 14:19:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2012.06.10 13:32:01 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.06.08 20:34:11 | 000,000,522 | ---- | M] () -- 
C:\Windows\tasks\Norton Internet Security - Análisis de todo el sistema - xxx.job [2012.05.29 13:31:15 | 000,059,392 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.13 02:18:49 | 000,166,400 | --S- | M] () -- C:\ProgramData\dvje51x3.dat [11 C:\Users\Tanja Kaiser\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.11 14:12:28 | 000,001,686 | ---- | C] () -- C:\Users\xxx\Desktop\ShadowExplorer.lnk [2012.06.11 01:54:33 | 000,053,248 | ---- | C] () -- C:\ProgramData\rsivjdvt.exe [2012.06.11 01:54:33 | 000,053,248 | ---- | C] () -- C:\ProgramData\dwyjifuy.exe [2012.06.11 01:53:32 | 000,053,248 | ---- | C] () -- C:\ProgramData\ydeaneri.exe [2012.06.11 01:53:32 | 000,053,248 | ---- | C] () -- C:\Users\xxx\0.8990687729177202.exe [2012.06.11 01:53:32 | 000,000,052 | ---- | C] () -- C:\ProgramData\utucpjauvqmcwtg [2012.05.13 02:18:47 | 000,166,400 | --S- | C] () -- C:\ProgramData\dvje51x3.dat [2012.04.01 01:08:44 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini [2011.10.14 12:02:21 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.01.21 12:30:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll [2010.10.25 18:49:42 | 000,182,717 | ---- | C] () -- C:\Windows\hpoins36.dat.temp [2010.10.25 18:49:41 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp [2010.10.25 18:38:35 | 000,182,835 | ---- | C] () -- C:\Windows\hpoins36.dat < End of report > And the second part: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.06.2012 14:19:32 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\xxx\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Alemania | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 83,85% Memory free 5,70 Gb Paging File | 5,45 Gb Available in Paging File | 95,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,30 Gb Total Space | 29,21 Gb Free Space | 20,24% Space Free | Partition Type: NTFS Drive D: | 144,03 Gb Total Space | 125,73 Gb Free Space | 87,29% Space Free | Partition Type: NTFS Drive F: | 3,72 Gb Total Space | 3,72 Gb Free Space | 99,96% Space Free | Partition Type: FAT32 Computer Name: XXX | User Name: XXX | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center 
Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.) 
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST) "C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05BE1283-EDDD-4ACB-B015-C05E912CCD79}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{0988FC72-1033-4649-AFE6-4289CA5748FE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{14D4D984-3E89-4063-929D-EF22317C5F98}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{24E6391C-50A1-46CE-A152-6CF0BA59B1A5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{3B9878A5-4421-4AD3-9279-0C0D35D0BF6A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{470FB55F-1842-4A0F-8A5B-90A717EE7C5E}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{53EA13E1-D1D7-42E0-8832-D46EE789BABB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{5DBDA725-38F0-4055-B403-40C0A7BC953D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{8008DB18-522F-4586-9B3F-4E92812679E6}" = protocol=17 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe | "{8458BDE3-CDF3-4973-80A8-4BE6D1C9C1FA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{A10DAAA9-A4CF-4CC8-9FD9-83B408313DB2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{A7B95F1F-8FA5-4149-B61B-E27AA8894896}" = protocol=6 | 
dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B4B96964-3EB5-40B4-A61E-D498D3494729}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{BEDD1ABA-1FFD-4C46-9AE2-198C0CE9D7BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{BF813773-44AD-43BB-B1E9-EDCDB21E01DD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{C3F2B0C8-329F-405B-B802-E883004CE7E8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{C8EC2962-E51C-40D0-8406-7E51C18329BD}" = protocol=6 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe | "{C8F4EF3C-35CB-4D84-8193-0A787CD7D408}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{E74B3A15-FC03-460D-BB5E-8936F0473769}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{F6B5A8B4-1362-4CA5-82CA-814B5E8CAA2A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{F8017F41-2FAC-41A2-8DA5-CF8F2E43395E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{FB3AA94D-AF8A-4D14-8212-C21C6786BB9B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min "{021661E0-C377-C87B-9583-E0A69E61A489}" = Catalyst Control Center Localization Thai "{023387B5-AF74-D690-D2C6-C8D474597284}" = CCC Help Polish "{042B8532-E27C-C06E-A8F5-71F36B98B2DE}" = Catalyst Control Center Localization Portuguese "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{07AE9F43-360F-7412-577B-2B4B73E5EAB9}" = CCC Help Hungarian "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord "{0C09E020-9996-4E1C-9839-97DA8F9C8D6B}" = CCC Help Danish 
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1861D449-590B-71F5-2C62-21730731FC4C}" = ccc-utility "{21565317-7E58-CEED-E5BE-6916533442F4}" = Catalyst Control Center Localization Czech "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{2224B408-E7E4-15CF-0674-EC7C36D68741}" = Catalyst Control Center Localization Hungarian "{236D1288-99DB-C3D6-D132-EDE6317BF619}" = CCC Help Japanese "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer eMode Management "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20 "{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library "{29205904-A7A8-4545-0001-697935602C90}" = SimplyGoodPictures "{2AABA091-41DF-D0D3-83F8-0133F8C7AA97}" = Catalyst Control Center Localization Swedish "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library "{317DE552-B622-0DD2-4E7E-28400D64C100}" = Catalyst Control Center Localization Dutch "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{42DF661F-6351-B582-DE2C-B8C46B30303F}" = CCC Help Dutch "{43721D86-16D1-46BF-8353-37CD82333BC3}" = OpenOffice.org 2.4 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 "{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security "{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = 
SolutionCenter "{4F5641C5-409C-7E5A-A2F9-B6D00A190B55}" = Catalyst Control Center Graphics Previews Vista "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security "{5EA96EEF-4E57-C1F0-6A06-088191FE110C}" = CCC Help Thai "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7 "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1 "{697CAA90-EB0D-4383-8AC4-D4A9D767C615}" = SymNet "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6B73D186-ED5C-6EB1-96EE-8F866269243C}" = Catalyst Control Center Localization Danish "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7007D9E6-F820-CFEA-EB87-9C9377A967F7}" = CCC Help Swedish "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710EA46C-2A49-F39A-5EC7-3884DC5329D7}" = Catalyst Control Center Localization Spanish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74AF0F2A-A87D-B6B7-6671-61B53F98254B}" = Catalyst Control Center Localization Turkish "{760F3E42-B1E4-5324-4C4A-0459C8938B6A}" = Catalyst Control Center Localization Italian "{7760B7DD-C922-C286-AB6C-2E06B32C1D4F}" = Catalyst Control Center Graphics Full Existing "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600 "{80DDC39C-8CB5-49de-9748-36C990922110}" = Microsoft Works "{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus "{837F9742-DCC8-3FF4-5066-E11E48EE2391}" = Catalyst Control Center Localization Korean 
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{86861408-CB40-247E-B851-608792116658}" = CCC Help Norwegian "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{86E71966-9EE0-9AD3-2C17-FC3A0B8BB810}" = Catalyst Control Center Localization Chinese Standard "{8BCA7792-CF78-46C6-66A7-EB9A8F0FB0A2}" = Catalyst Control Center Localization Russian "{8C42C789-B0EF-3226-9069-D1956B220B38}" = Catalyst Control Center Localization Greek "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007 "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007 "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007 "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007 "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007 "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007 "{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{95B012AD-3A4A-31D7-9167-5D07D2A71F47}" = Microsoft .NET 
Framework 4 Client Profile ESN Language Pack "{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center "{9BE1CAAF-31C0-6B2A-45EE-7761FDEFC806}" = ccc-core-static "{9C353B52-07E4-07A7-B95F-392D8AA37210}" = Catalyst Control Center Localization Japanese "{9DBB76DD-812B-26E9-C681-B7CD2DA27A78}" = CCC Help French "{9F96AFEF-28F1-2479-1D6A-33F8D4A7BF11}" = CCC Help Chinese Standard "{A10FCB8E-F4C3-0C5E-4FFC-8C9A560095A8}" = CCC Help Russian "{A6038CD2-72AF-2C0A-C1A3-93D360F5A889}" = CCC Help Korean "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AE223864-BFA1-1F17-49B2-13C8971DACA2}" = Catalyst Control Center Localization German "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B22D8435-CB77-849A-B9AE-D1737A073914}" = Catalyst Control Center Localization Polish "{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window "{B3BA8D55-5397-6712-1B6C-5A8849AF19F5}" = Catalyst Control Center Core Implementation "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C1722D10-8C05-B66D-A160-7C2CFF589176}" = Catalyst Control Center Graphics Light "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX "{C237CF8F-85CD-4208-8A29-67EDEBAB9EF6}" = Symantec Real Time Storage Protection Component "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C485A66D-3521-20E8-2A7B-F060B1773491}" = Catalyst Control Center Localization French "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects 
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CD1C40A4-2836-1911-673E-18572FD2B62A}" = Catalyst Control Center Graphics Full New "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3 "{CF6FE5A8-1338-188F-35B3-8372FA31D822}" = Skins "{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management "{D5E905F1-7657-7B1E-E5BD-2C69C89C8ABE}" = CCC Help Italian "{D6DB00A1-4BCC-AB1B-24C2-0999BDA43D85}" = CCC Help Greek "{D7D4DB0F-9070-AED1-D2F4-D11BD42C7588}" = CCC Help Chinese Traditional "{D7F01E28-9D36-F8EC-872F-9FD71792F858}" = CCC Help Finnish "{DA6AB13B-4D72-6EBB-AA4D-656CE9C0E512}" = CCC Help English "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task "{DF59BA36-54DC-6BB4-FCED-C9B9F2BCB4AE}" = CCC Help Spanish "{E0325EFE-9D02-0F1E-7306-F4D95979715A}" = Catalyst Control Center Localization Chinese Traditional "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14 "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security "{E63AA3F4-5647-0BC8-24FC-F40CFE56B579}" = Catalyst Control Center Localization Norwegian "{E6541F6A-3D2D-30E5-57F9-4DD411C2E4F0}" = CCC Help German "{E720B248-D9F5-5E20-8E72-3E419D45D703}" = Catalyst Control Center Localization Finnish "{E8E32E53-18F7-095E-CC75-F77E412F1AD9}" = CCC Help Portuguese "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F09030B7-7B8A-30DE-539B-607C9B1831DB}" = CCC Help Czech 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV "{F76D7388-A433-E572-4718-CD3421738166}" = CCC Help Turkish "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ATI Uninstaller" = ATI Uninstaller "Avira AntiVir Desktop" = Avira Free Antivirus "AVS Audio Converter_is1" = AVS Audio Converter version 7 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "CHAMP Professional" = CHAMP Professional "DivX Setup.divx.com" = DivX-Setup "Free YouTube Download_is1" = Free YouTube Download version 2.10.31 "Google Chrome" = Google Chrome "Google Updater" = Google Updater "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library "InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX "InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX "InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX "InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX 
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX "InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1 "LingoPad_is1" = LingoPad 2.5.1 (Build 325) "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28) "ShadowExplorer_is1" = ShadowExplorer 0.8 "SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation) "Trillian" = Trillian "UseNeXT_is1" = UseNeXT "VLC media player" = VLC media player 1.1.11 "vShare" = vShare Plugin "Winamp" = Winamp "WinRAR archiver" = WinRAR "Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker "Yahoo! Toolbar" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.06.2012 19:19:44 | Computer Name = xxx | Source = Application Error | ID = 1000 Description = Aplicación con errores iexplore.exe, versión 9.0.8112.16421, marca de hora 0x4d76255d, módulo con errores ntdll.dll, versión 6.0.6002.18541, marca de tiempo 0x4ec3e3d5, código de excepción 0xc0000374, desplazamiento con errores 0x000b06b7, Id. de proceso 0x1118, hora de inicio de la aplicación 0x01cd41ce8dfb93ae. 
Error - 05.06.2012 20:52:27 | Computer Name = xxx | Source = EventSystem | ID = 4621 Description = Error - 08.06.2012 21:53:36 | Computer Name = xxx | Source = EventSystem | ID = 4621 Description = Error - 09.06.2012 21:17:39 | Computer Name = xxx | Source = EventSystem | ID = 4621 Description = Error - 10.06.2012 21:08:40 | Computer Name = xxx | Source = Application Hang | ID = 1002 Description = El programa dwyjifuy.exe, versión 0.0.0.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control de Informes de problemas y soluciones. Id. de proceso: 5e4 Hora de inicio: 01cd476e7acf4ef4 Hora de finalización: 30888 Error - 10.06.2012 21:26:34 | Computer Name = xxx | Source = Application Hang | ID = 1002 Description = El programa dwyjifuy.exe, versión 0.0.0.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control de Informes de problemas y soluciones. Id. de proceso: 5ac Hora de inicio: 01cd4770d355f58e Hora de finalización: 60000 Error - 10.06.2012 21:39:25 | Computer Name = xxx | Source = Application Hang | ID = 1002 Description = El programa dwyjifuy.exe, versión 0.0.0.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control de Informes de problemas y soluciones. Id. de proceso: a58 Hora de inicio: 01cd477215f92bf7 Hora de finalización: 45453 Error - 11.06.2012 08:05:57 | Computer Name = xxx | Source = Application Hang | ID = 1002 Description = El programa dwyjifuy.exe, versión 0.0.0.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control de Informes de problemas y soluciones. Id. 
de proceso: 3b8 Hora de inicio: 01cd47c917731764 Hora de finalización: 4 Error - 11.06.2012 08:22:00 | Computer Name = xxx | Source = EventSystem | ID = 4609 Description = Error - 11.06.2012 09:11:37 | Computer Name = xxx| Source = EventSystem | ID = 4609 Description = Error - 11.06.2012 09:12:36 | Computer Name = xxx | Source = VSS | ID = 18 Description = [ System Events ] Error - 11.06.2012 08:34:47 | Computer Name = xxx | Source = DCOM | ID = 10005 Description = Error - 11.06.2012 08:45:08 | Computer Name = xxx | Source = Service Control Manager | ID = 7024 Description = Error - 11.06.2012 09:11:22 | Computer Name = xxx | Source = EventLog | ID = 6008 Description = El cierre anterior del sistema a las 14:09:42 del 11.06.2012 resultó inesperado. Error - 11.06.2012 09:11:31 | Computer Name = xxx | Source = DCOM | ID = 10005 Description = Error - 11.06.2012 09:11:37 | Computer Name = xxx | Source = DCOM | ID = 10005 Description = Error - 11.06.2012 09:11:55 | Computer Name = xxx | Source = DCOM | ID = 10005 Description = Error - 11.06.2012 09:12:36 | Computer Name = xxx | Source = DCOM | ID = 10005 Description = Error - 11.06.2012 09:12:49 | Computer Name = xxx | Source = Service Control Manager | ID = 7001 Description = Error - 11.06.2012 09:12:49 | Computer Name = xxx | Source = Service Control Manager | ID = 7026 Description = Error - 11.06.2012 09:31:49 | Computer Name = xxx | Source = DCOM | ID = 10005 Description = < End of report > Last edited by Tan Ya (11.06.2012 at 15:07) |
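Triage of the two OTL logs in the post above, as an added example that is not part of the original thread and not OldTimer's code. It parses three line shapes exactly as OTL 3.2.48 prints them (the `[date | size | attrs | C/M] (company) -- path` file entries, the `[HKEY_...]` / `"name" = value` registry dump in the Extras log, and the `O33 - MountPoints2` autorun entries) and flags what a helper would act on here: the four 53,248-byte files with an empty company field written in the same second into C:\ProgramData and the profile root, the other unsigned drop beside them, all three firewall profiles at `EnableFirewall = 0`, Security Center monitoring switched off, and autorun commands pointing at removable drive letters. The sample lines are copied from the logs above (the user name is already redacted to xxx); the heuristics are triage flags, not verdicts: `K:\LaunchU3.exe -a` is the launcher of a SanDisk U3 stick, and Norton registers its own Security Center monitoring keys, so each hit still needs a human look. Worth noting alongside, although the script does not check it: the O16 entries and the uninstall list show Java 6 Update 4/6/7/20, Flash Player 10 and Firefox 3.6.28 installed side by side, all long out of date by June 2012.

```python
"""Triage helper for the OTL (OldTimer Tools) log excerpts posted above. Added example, not
part of the original thread or of OTL itself; it parses three OTL 3.2.48 line shapes."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# "[2012.06.11 01:53:32 | 000,053,248 | ---- | M] () -- C:\ProgramData\ydeaneri.exe"
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
# Extras log: "[HKEY_...\FirewallPolicy\StandardProfile]" followed by '"EnableFirewall" = 0'
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.+)$')
# 'O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = F:\wyskq6lt.exe'
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>[^\\]+)'
                    r'\\[Cc]ommand - "" = (?P<cmd>.+)$')

def parse_file_entries(lines):
    """Every 'Files Created/Modified' entry as a dict, with the size as an int."""
    matches = filter(None, (FILE_RE.match(ln.strip()) for ln in lines))
    return [{**m.groupdict(), "size": int(m["size"].replace(",", ""))} for m in matches]

def is_drop_location(path):
    """True for a file directly in C:\\ProgramData or in a profile root C:\\Users\\<name>."""
    parts = [p.lower() for p in PureWindowsPath(path).parent.parts]
    return parts == ["c:\\", "programdata"] or (len(parts) == 3 and parts[:2] == ["c:\\", "users"])

def suspicious_drops(entries):
    """Files with an empty company field dropped straight into ProgramData or a profile root."""
    return [e for e in entries if e["company"] == "" and is_drop_location(e["path"])]

def drop_clusters(drops):
    """(size, timestamp) -> paths, kept only where several same-size files were written in
    the same second: the footprint of one dropper writing copies of itself."""
    groups = defaultdict(list)
    for e in drops:
        groups[(e["size"], e["ts"])].append(e["path"])
    return {k: v for k, v in groups.items() if len(v) > 1}

def parse_registry_values(lines):
    """(key, value name) -> value string for the registry dumps in the Extras log."""
    values, key = {}, None
    for line in map(str.strip, lines):
        if km := KEY_RE.match(line):
            key = km["key"]
        elif (vm := VALUE_RE.match(line)) and key:
            values[(key, vm["name"])] = vm["value"]
    return values

def disabled_protections(values):
    """Firewall profiles switched off and Security Center monitoring switched off."""
    findings = []
    for (key, name), value in values.items():
        leaf = key.rsplit("\\", 1)[-1]
        if (name, value) == ("EnableFirewall", "0"):
            findings.append(f"Windows Firewall off: {leaf}")
        elif (name, value) == ("DisableMonitoring", "1"):
            findings.append(f"Security Center monitoring disabled: {leaf}")
    return findings

def removable_autoruns(lines):
    """MountPoints2 autorun commands that start a program from a drive letter other than C:."""
    matches = filter(None, (O33_RE.match(ln.strip()) for ln in lines))
    return [(m["guid"], m["verb"], m["cmd"]) for m in matches
            if re.match(r"^[A-Za-z]:\\", m["cmd"]) and m["cmd"][0].upper() != "C"]

def triage(otl_text):
    """Run all checks over the raw text of one or both OTL logs."""
    lines = otl_text.splitlines()
    drops = suspicious_drops(parse_file_entries(lines))
    return {"drops": [e["path"] for e in drops], "clusters": drop_clusters(drops),
            "protections": disabled_protections(parse_registry_values(lines)),
            "autoruns": removable_autoruns(lines)}

# Constructed sample: lines copied from the two logs above (user name already redacted to xxx).
SAMPLE_OTL = r"""
O33 - MountPoints2\{17409aa1-3d7b-11dd-87c3-001c2531cfc5}\Shell\AutoRun\command - "" = F:\wyskq6lt.exe
O33 - MountPoints2\{17409aa1-3d7b-11dd-87c3-001c2531cfc5}\Shell\open\Command - "" = F:\wyskq6lt.exe
O33 - MountPoints2\{aca242fc-5db9-11df-a329-001c2531cfc5}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
[2012.06.11 14:18:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.06.11 01:53:32 | 000,053,248 | ---- | M] () -- C:\ProgramData\ydeaneri.exe
[2012.06.11 01:53:32 | 000,053,248 | ---- | M] () -- C:\ProgramData\rsivjdvt.exe
[2012.06.11 01:53:32 | 000,053,248 | ---- | M] () -- C:\ProgramData\dwyjifuy.exe
[2012.06.11 01:53:32 | 000,053,248 | ---- | M] () -- C:\Users\xxx\0.8990687729177202.exe
[2012.05.13 02:18:49 | 000,166,400 | --S- | M] () -- C:\ProgramData\dvje51x3.dat
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"""

if __name__ == "__main__":
    for section, result in triage(SAMPLE_OTL).items():
        print(section, result)
```

To use it on a real case, feed `triage()` the concatenated text of the saved OTL.txt and Extras.txt; OTL is long gone as a maintained tool, but the same checks (unsigned same-size files appearing together in ProgramData, firewall profiles forced off, autorun commands on removable drives) carry over to any current autoruns-style listing.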
13.06.2012, 13:19 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
What exactly does your visitor do?
13.06.2012, 17:16 | #3 |
| "My visitor will take care of it" simply means that the additional small problems can be left unattended by you!!!
Since I don't really understand everything that is in the OTL file, I thought I would mention that my problem is ONLY the Trojan, even if the rest is also "untidy". I simply didn't want to make too much work for anyone. Sorry if it sounds more complicated than it is. By the way, yesterday in safe mode I managed to restore the PC to a state from a few days ago. Now it runs again. Does that mean my Trojan problem is already solved??? |
13.06.2012, 20:38 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | First, as a routine step, please run a full scan with Malwarebytes and post the log. => Have it check ALL local drives (except CD/DVD)! Remember that Malwarebytes must be updated manually before every scan! Please remove all detections found by Malwarebytes so that they are held in Malwarebytes' quarantine! Do NOT remove anything from the quarantine prematurely! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything in CODE tags if at all possible. It is done like this: [code] the log goes here [/code] And it then looks like this: Code:
the log goes here
__________________ Please always post log files in CODE tags |
15.06.2012, 15:42 | #5 |
| Hello Arne, thanks for the quick replies. My neighbour got it all sorted out. Great, because I had already bailed out again at "update Malwarebytes"... I think what you do here is great, even if it is still too hard for me. Still, quite seriously, THANK YOU!!! Regards, Tan Ya |
15.06.2012, 17:13 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
16.06.2012, 01:24 | #7 |
| Yes. I do realise that. But, Arne, it is so much easier to ask a nice neighbour when you are a woman... a deep flutter of the eyelashes, offer a home-made cake, and the little lady gets helped... I live in macho-land Spain and enjoy the fact that the old role behaviour still works! Still - thank you! The next time my neighbour has no time, I will take the time myself and work my way through all the instructions that are still double Dutch to me. Promise! Regards, Tan Ya |